authorToni Uhlig <matzeton@googlemail.com>2024-04-10 16:06:29 +0200
committerToni Uhlig <matzeton@googlemail.com>2024-04-10 16:06:53 +0200
commit53126a0af9341d609247ef63b494c44b33a93baf (patch)
treead619d22a8c14177651175d283b4f3705a986f22 /test/results/flow-info
parent15608bb57173a113665552f2b515e57f2e5f2fc4 (diff)
bump libnDPI to 142c8f5afb90629762920db6703831826513e00b
* fixed `git format` hash length Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info')
-rw-r--r--test/results/flow-info/caches_cfg/teams.pcap.out21
-rw-r--r--test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out9
-rw-r--r--test/results/flow-info/caches_global/teams.pcap.out21
-rw-r--r--test/results/flow-info/default/1kxun.pcap.out5
-rw-r--r--test/results/flow-info/default/443-chrome.pcap.out2
-rw-r--r--test/results/flow-info/default/KakaoTalk_chat.pcap.out1
-rw-r--r--test/results/flow-info/default/KakaoTalk_talk.pcap.out1
-rw-r--r--test/results/flow-info/default/collectd.pcap.out2
-rw-r--r--test/results/flow-info/default/dotenv.pcap.out4
-rw-r--r--test/results/flow-info/default/elf.pcap.out12
-rw-r--r--test/results/flow-info/default/emotet.pcap.out8
-rw-r--r--test/results/flow-info/default/exe_download.pcap.out4
-rw-r--r--test/results/flow-info/default/ftp.pcap.out2
-rw-r--r--test/results/flow-info/default/gnutella.pcap.out8
-rw-r--r--test/results/flow-info/default/http_ipv6.pcap.out1
-rw-r--r--test/results/flow-info/default/instagram.pcap.out4
-rw-r--r--test/results/flow-info/default/kerberos.pcap.out13
-rw-r--r--test/results/flow-info/default/kontiki.pcap.out1
-rw-r--r--test/results/flow-info/default/lru_ipv6_caches.pcapng.out9
-rw-r--r--test/results/flow-info/default/netflix.pcap.out72
-rw-r--r--test/results/flow-info/default/nintendo.pcap.out2
-rw-r--r--test/results/flow-info/default/portable_executable.pcap.out12
-rw-r--r--test/results/flow-info/default/pps.pcap.out42
-rw-r--r--test/results/flow-info/default/quickplay.pcap.out16
-rw-r--r--test/results/flow-info/default/riot.pcapng.out2
-rw-r--r--test/results/flow-info/default/shell.pcap.out20
-rw-r--r--test/results/flow-info/default/starcraft_battle.pcap.out4
-rw-r--r--test/results/flow-info/default/stun_signal.pcapng.out54
-rw-r--r--test/results/flow-info/default/stun_wa_call.pcapng.out8
-rw-r--r--test/results/flow-info/default/teams.pcap.out21
-rw-r--r--test/results/flow-info/default/telegram_videocall.pcapng.out22
-rw-r--r--test/results/flow-info/default/tls_certificate_too_long.pcap.out9
-rw-r--r--test/results/flow-info/default/wa_video.pcap.out9
-rw-r--r--test/results/flow-info/default/wa_voice.pcap.out8
-rw-r--r--test/results/flow-info/default/waze.pcap.out4
-rw-r--r--test/results/flow-info/default/wechat.pcap.out1
-rw-r--r--test/results/flow-info/default/weibo.pcap.out2
-rw-r--r--test/results/flow-info/default/whatsapp_login_call.pcap.out24
-rw-r--r--test/results/flow-info/default/windowsupdate_over_http.pcap.out4
-rw-r--r--test/results/flow-info/default/zoom.pcap.out1
-rw-r--r--test/results/flow-info/enable_payload_stat/1kxun.pcap.out5
-rw-r--r--test/results/flow-info/ip_lists_disable/1kxun.pcap.out5
-rw-r--r--test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out573
43 files changed, 905 insertions, 143 deletions
diff --git a/test/results/flow-info/caches_cfg/teams.pcap.out b/test/results/flow-info/caches_cfg/teams.pcap.out
index 0f51670c4..9c24be31a 100644
--- a/test/results/flow-info/caches_cfg/teams.pcap.out
+++ b/test/results/flow-info/caches_cfg/teams.pcap.out
@@ -369,7 +369,7 @@
detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
- detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
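Review bot: The new `detected:` line for flow 68 pins what looks like raw, non-printable packet bytes in its last bracketed field, including a stray `]` that makes the bracket-delimited record ambiguous to parse (the `?` characters may be a rendering artifact of this page). The same happens for flows 69, 70 and 71 in the -377 and -412 hunks and in the identical caches_global/teams.pcap.out. On the TLS lines of this file that field holds a hostname (`euaz.tr.teams.microsoft.com`), so presumably the bumped library now fills it from STUN data; that is worth confirming before it becomes the baseline. If it is intended, the printer should escape non-printable bytes and the delimiter before writing packet-derived text, so that the expected line ends in something like `[Acceptable][<escaped bytes>]` (constructed placeholder).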
@@ -377,11 +377,13 @@
detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
- detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
@@ -412,6 +414,12 @@
new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+ RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -428,6 +436,10 @@
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
[PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
[ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
@@ -460,11 +472,11 @@
idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
@@ -516,6 +528,7 @@
RISK: Known Proto on Non Std Port
idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+ RISK: Susp Entropy
idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
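Review bot: `RISK: Susp Entropy` is attached here to a flow that was only `guessed`, and the same addition appears in the 1kxun, 443-chrome, KakaoTalk_chat, KakaoTalk_talk and collectd baselines. In four of those the guessed protocol is TLS on port 443, where high payload entropy is the normal case for encrypted traffic, so the risk carries little signal and would add noise to anything alerting on it. If the library is not meant to raise it for guessed-TLS flows, the 443-chrome baseline should stay `RISK: Unidirectional Traffic`. Otherwise the commit message should say that this risk now fires on guessed flows, so consumers do not treat it as an indicator on its own.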
diff --git a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
index 9fb54e98e..8d8174ec0 100644
--- a/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-info/caches_global/lru_ipv6_caches.pcapng.out
@@ -24,6 +24,8 @@
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144]
detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe][]
RISK: Unidirectional Traffic
@@ -43,8 +45,12 @@
RISK: Unidirectional Traffic
new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable]
RISK: Unidirectional Traffic
idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable]
@@ -60,9 +66,12 @@
idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable]
idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/caches_global/teams.pcap.out b/test/results/flow-info/caches_global/teams.pcap.out
index 0f51670c4..9c24be31a 100644
--- a/test/results/flow-info/caches_global/teams.pcap.out
+++ b/test/results/flow-info/caches_global/teams.pcap.out
@@ -369,7 +369,7 @@
detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
- detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
@@ -377,11 +377,13 @@
detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
- detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
@@ -412,6 +414,12 @@
new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+ RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -428,6 +436,10 @@
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
[PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
[ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
@@ -460,11 +472,11 @@
idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
@@ -516,6 +528,7 @@
RISK: Known Proto on Non Std Port
idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+ RISK: Susp Entropy
idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out
index 2b471b0ff..8a5569319 100644
--- a/test/results/flow-info/default/1kxun.pcap.out
+++ b/test/results/flow-info/default/1kxun.pcap.out
@@ -427,7 +427,7 @@
new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM]
detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com]
detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM]
detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
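Review bot: Flow 133 loses `Binary App Transfer` and gains `Binary file/data transfer (attempt)` here and in the -863 hunk, while the emotet and exe_download baselines keep the old risk and add the new one, so this is a reclassification and not just a relabel. Any downstream rule that matches on the text `Binary App Transfer` would stop firing for this flow after the bump. The dotenv baseline also shows the misspelled `Binary Data Transfer Attemot` label being replaced by the new string. The commit description only mentions the hash-length fix; a line such as `* risk labels changed: "Binary Data Transfer Attemot" -> "Binary file/data transfer (attempt)"` would let consumers update their matchers.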
@@ -571,6 +571,7 @@
idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected
guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
+ RISK: Susp Entropy
idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
@@ -863,7 +864,7 @@
idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable]
idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
diff --git a/test/results/flow-info/default/443-chrome.pcap.out b/test/results/flow-info/default/443-chrome.pcap.out
index 6d5d1ad07..8d6f2778e 100644
--- a/test/results/flow-info/default/443-chrome.pcap.out
+++ b/test/results/flow-info/default/443-chrome.pcap.out
@@ -3,6 +3,6 @@
DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
new: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] [MIDSTREAM]
guessed: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059] [TLS][Unknown][Web][Safe]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [.....1] [ip4][..tcp] [.178.62.197.130][..443] -> [...192.168.1.13][53059]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/KakaoTalk_chat.pcap.out b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
index 3bfc7430e..dd73ed7ce 100644
--- a/test/results/flow-info/default/KakaoTalk_chat.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_chat.pcap.out
@@ -214,6 +214,7 @@
guessed: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922] [HTTP][Google][Web][Acceptable][]
end: [....14] [ip4][..tcp] [..216.58.221.10][...80] -> [...10.24.82.188][35922]
guessed: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Unknown][Web][Safe]
+ RISK: Susp Entropy
idle: [....35] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
idle: [.....8] [ip4][..udp] [...10.24.82.188][.9094] -> [.....10.188.1.1][...53] [DNS.KakaoTalk][Unknown][Network][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/KakaoTalk_talk.pcap.out b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
index 65d33336d..57982e439 100644
--- a/test/results/flow-info/default/KakaoTalk_talk.pcap.out
+++ b/test/results/flow-info/default/KakaoTalk_talk.pcap.out
@@ -122,5 +122,6 @@
idle: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Unknown][Media][Acceptable]
idle: [....10] [ip4][..udp] [...10.24.82.188][11321] -> [....1.201.1.174][23045] [KakaoTalk_Voice][Unknown][VoIP][Acceptable]
guessed: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947] [TLS][Unknown][Web][Safe]
+ RISK: Susp Entropy
idle: [.....7] [ip4][..tcp] [..139.150.0.125][..443] -> [...10.24.82.188][46947]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/collectd.pcap.out b/test/results/flow-info/default/collectd.pcap.out
index f0d5e4fcd..3f3d358fb 100644
--- a/test/results/flow-info/default/collectd.pcap.out
+++ b/test/results/flow-info/default/collectd.pcap.out
@@ -19,8 +19,10 @@
new: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826]
detected: [.....6] [ip4][..udp] [......127.0.0.1][54138] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable][devlap.fritz.box]
guessed: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826] [collectd][Unknown][System][Acceptable][]
+ RISK: Susp Entropy
idle: [.....4] [ip4][..udp] [.192.168.178.35][39576] -> [..239.192.74.66][25826]
guessed: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826] [collectd][Unknown][System][Acceptable][]
+ RISK: Susp Entropy
idle: [.....5] [ip4][..udp] [.192.168.178.35][39577] -> [..239.192.74.66][25826]
new: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826]
detected: [.....7] [ip4][..udp] [......127.0.0.1][35988] -> [......127.0.0.1][25826] [collectd][Unknown][System][Acceptable][devlap.fritz.box]
diff --git a/test/results/flow-info/default/dotenv.pcap.out b/test/results/flow-info/default/dotenv.pcap.out
index 40f476f3e..448aa097d 100644
--- a/test/results/flow-info/default/dotenv.pcap.out
+++ b/test/results/flow-info/default/dotenv.pcap.out
@@ -5,7 +5,7 @@
detected: [.....1] [ip4][..tcp] [..192.168.2.198][51327] -> [....89.31.76.10][...80] [HTTP][Unknown][Web][Acceptable][sevenpitaly.com]
RISK: Possible Exploit Attempt
detection-update: [.....1] [ip4][..tcp] [..192.168.2.198][51327] -> [....89.31.76.10][...80] [HTTP][Unknown][Download][Acceptable][sevenpitaly.com]
- RISK: Possible Exploit Attempt, Error Code, Binary Data Transfer Attemot
+ RISK: Possible Exploit Attempt, Error Code, Binary file/data transfer (attempt)
end: [.....1] [ip4][..tcp] [..192.168.2.198][51327] -> [....89.31.76.10][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Possible Exploit Attempt, Error Code, Binary Data Transfer Attemot
+ RISK: Possible Exploit Attempt, Error Code, Binary file/data transfer (attempt)
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/elf.pcap.out b/test/results/flow-info/default/elf.pcap.out
new file mode 100644
index 000000000..98eb41eb7
--- /dev/null
+++ b/test/results/flow-info/default/elf.pcap.out
@@ -0,0 +1,12 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [......127.0.0.1][60150] -> [......127.0.0.1][33333]
+ new: [.....2] [ip4][..tcp] [......127.0.0.1][41150] -> [......127.0.0.1][33333]
+ not-detected: [.....2] [ip4][..tcp] [......127.0.0.1][41150] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+ RISK: Binary App Transfer
+ end: [.....2] [ip4][..tcp] [......127.0.0.1][41150] -> [......127.0.0.1][33333]
+ not-detected: [.....1] [ip4][..udp] [......127.0.0.1][60150] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+ RISK: Binary App Transfer, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [......127.0.0.1][60150] -> [......127.0.0.1][33333]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/emotet.pcap.out b/test/results/flow-info/default/emotet.pcap.out
index 7c0a683d7..b04634f07 100644
--- a/test/results/flow-info/default/emotet.pcap.out
+++ b/test/results/flow-info/default/emotet.pcap.out
@@ -33,7 +33,7 @@
new: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80]
detected: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Web][Acceptable][gandhitoday.org]
detection-update: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable][gandhitoday.org]
- RISK: Binary App Transfer
+ RISK: Binary App Transfer, Binary file/data transfer (attempt)
idle: [.....2] [ip4][..tcp] [....10.3.29.101][56309] -> [.104.161.127.22][...80] [HTTP][Unknown][Web][Acceptable]
DAEMON-EVENT: [Processed: 122 pkts][ZLib][compressions: 0|diff: 0 / 0]
DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0]
@@ -41,9 +41,9 @@
detected: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Web][Acceptable][filmmogzivota.rs]
RISK: HTTP Susp User-Agent
detection-update: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable][filmmogzivota.rs]
- RISK: Binary App Transfer, HTTP Susp User-Agent
+ RISK: Binary App Transfer, HTTP Susp User-Agent, Binary file/data transfer (attempt)
idle: [.....3] [ip4][..tcp] [....10.4.20.102][54319] -> [107.161.178.210][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary App Transfer, Binary file/data transfer (attempt)
new: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443]
detected: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
@@ -55,7 +55,7 @@
detection-update: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe][]
RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
idle: [.....4] [ip4][..tcp] [....10.4.25.101][49797] -> [..77.105.36.156][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer, HTTP Susp User-Agent
+ RISK: Binary App Transfer, HTTP Susp User-Agent, Binary file/data transfer (attempt)
idle: [.....5] [ip4][..tcp] [....10.4.25.101][49803] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn
end: [.....6] [ip4][..tcp] [....10.4.25.101][49804] -> [138.197.147.101][..443] [TLS][Unknown][Web][Safe]
diff --git a/test/results/flow-info/default/exe_download.pcap.out b/test/results/flow-info/default/exe_download.pcap.out
index ee5e346f4..aa74f9c93 100644
--- a/test/results/flow-info/default/exe_download.pcap.out
+++ b/test/results/flow-info/default/exe_download.pcap.out
@@ -5,7 +5,7 @@
detected: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Web][Acceptable][144.91.69.195]
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable][144.91.69.195]
- RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
+ RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server, Binary file/data transfer (attempt)
idle: [.....1] [ip4][..tcp] [....10.9.25.101][49165] -> [..144.91.69.195][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server
+ RISK: Binary App Transfer, HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI, HTTP Obsolete Server, Binary file/data transfer (attempt)
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/ftp.pcap.out b/test/results/flow-info/default/ftp.pcap.out
index d379ae187..e34743ca0 100644
--- a/test/results/flow-info/default/ftp.pcap.out
+++ b/test/results/flow-info/default/ftp.pcap.out
@@ -16,7 +16,6 @@
[ENTROPIES...: 4.2,5.3,4.9,5.6,4.9,5.4,5.2,5.7,4.9,5.2,5.1,5.7,4.9,5.0,5.0,5.6,4.8,5.0,5.5,5.3,4.9,4.9,5.2,5.7,4.9,5.0,4.9,5.6,5.6,4.9,5.1,5.7]
new: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685]
detected: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Unknown][Download][Acceptable]
- RISK: Known Proto on Non Std Port
new: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
analyse: [.....3] [ip4][..tcp] [..192.168.1.212][50696] -> [...90.130.70.73][24523]
min| max| avg| stddev| variance| entropy
@@ -33,5 +32,4 @@
end: [.....1] [ip4][..tcp] [..192.168.1.212][50694] -> [...90.130.70.73][...21] [FTP_CONTROL][Unknown][Download][Unsafe]
RISK: Unsafe Protocol, Clear-Text Credentials
end: [.....2] [ip4][..tcp] [..192.168.1.212][50695] -> [...90.130.70.73][25685] [FTP_DATA][Unknown][Download][Acceptable]
- RISK: Known Proto on Non Std Port
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out
index 6314c8103..1fec92df6 100644
--- a/test/results/flow-info/default/gnutella.pcap.out
+++ b/test/results/flow-info/default/gnutella.pcap.out
@@ -869,9 +869,9 @@
RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
new: [...335] [ip4][..udp] [......10.0.2.15][28681] -> [.14.200.255.229][37058]
detection-update: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][69.118.162.229]
- RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
detection-update: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous][189.147.72.83]
- RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
new: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888]
detected: [...336] [ip4][..udp] [......10.0.2.15][28681] -> [...80.7.252.192][.6888] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
@@ -7108,7 +7108,7 @@
idle: [...123] [ip4][..tcp] [......10.0.2.15][50254] -> [..24.78.134.188][49046]
idle: [...799] [ip6][..udp] [..............fe80::c50d:519f:96a4:e108][63958] -> [................................ff02::c][.3702] [WSD][Unknown][Network][Acceptable]
idle: [...333] [ip4][..tcp] [......10.0.2.15][50327] -> [.69.118.162.229][46906] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous]
- RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
not-detected: [....64] [ip4][..tcp] [......10.0.2.15][50223] -> [118.167.248.220][63108] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [....64] [ip4][..tcp] [......10.0.2.15][50223] -> [118.167.248.220][63108]
@@ -7347,7 +7347,7 @@
end: [...239] [ip4][..tcp] [......10.0.2.15][50285] -> [..75.133.101.93][52367] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [...334] [ip4][..tcp] [......10.0.2.15][50328] -> [..189.147.72.83][26108] [HTTP.Gnutella][Unknown][Media][Potentially Dangerous]
- RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol
+ RISK: Known Proto on Non Std Port, HTTP/TLS/QUIC Numeric Hostname/SNI, Unsafe Protocol, Binary file/data transfer (attempt)
idle: [...175] [ip4][..udp] [......10.0.2.15][28681] -> [...115.69.62.99][.6346] [Gnutella][Unknown][Download][Potentially Dangerous]
RISK: Unsafe Protocol
idle: [...756] [ip4][..udp] [......10.0.2.15][28681] -> [..41.100.68.255][12838] [Gnutella][Unknown][Download][Potentially Dangerous]
diff --git a/test/results/flow-info/default/http_ipv6.pcap.out b/test/results/flow-info/default/http_ipv6.pcap.out
index 9547ce50c..1f684621e 100644
--- a/test/results/flow-info/default/http_ipv6.pcap.out
+++ b/test/results/flow-info/default/http_ipv6.pcap.out
@@ -73,6 +73,7 @@
guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Facebook][Web][Safe]
idle: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443]
guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Google][Web][Acceptable]
+ RISK: Susp Entropy
idle: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443]
guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Google][Web][Safe]
idle: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443]
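Review bot: The added `RISK: Susp Entropy` is attached to a flow that was only `guessed` as QUIC on port 443, where high-entropy payload is the normal case, so the new expected output pins a likely false positive. The same risk is added to guessed HTTP flows in instagram.pcap.out, to guessed Kerberos, LDAP and SMBv23 flows picked up `[MIDSTREAM]` in kerberos.pcap.out, and to a not-detected UDP flow in kontiki.pcap.out. Confirm with upstream whether flagging guessed or undetected flows is intended. If it is, note in the commit body that `Susp Entropy` on a `guessed` or `not-detected` event is low-confidence, so alerting built on these events does not treat it like a risk raised on a fully dissected flow.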
diff --git a/test/results/flow-info/default/instagram.pcap.out b/test/results/flow-info/default/instagram.pcap.out
index d22e00bdf..324365a57 100644
--- a/test/results/flow-info/default/instagram.pcap.out
+++ b/test/results/flow-info/default/instagram.pcap.out
@@ -193,6 +193,7 @@
end: [....19] [ip4][..tcp] [..192.168.0.103][57966] -> [...82.85.26.185][...80]
end: [....30] [ip4][..tcp] [..192.168.0.103][58690] -> [...46.33.70.159][..443] [TLS][Unknown][Web][Safe]
guessed: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80] [HTTP][Unknown][Web][Acceptable][]
+ RISK: Susp Entropy
end: [.....7] [ip4][..tcp] [..192.168.0.103][33976] -> [....77.67.29.17][...80]
idle: [....17] [ip4][..udp] [..192.168.0.103][51219] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun]
idle: [....26] [ip4][..tcp] [..192.168.0.103][58052] -> [...82.85.26.162][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
@@ -202,6 +203,7 @@
idle: [....24] [ip4][..tcp] [..192.168.0.103][60908] -> [...46.33.70.136][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
guessed: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216] [HTTP][Facebook][Web][Acceptable][]
+ RISK: Susp Entropy
idle: [....28] [ip4][..tcp] [....31.13.86.52][...80] -> [..192.168.0.103][58216]
idle: [....21] [ip4][..tcp] [..192.168.0.103][44558] -> [...46.33.70.174][..443] [TLS.Instagram][Unknown][SocialNetwork][Fun]
RISK: Obsolete TLS (v1.1 or older)
@@ -216,6 +218,7 @@
RISK: Obsolete TLS (v1.1 or older)
idle: [....15] [ip4][..tcp] [..192.168.0.103][33763] -> [....31.13.93.52][..443] [TLS][Facebook][Web][Safe]
guessed: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151] [HTTP][Unknown][Web][Acceptable][]
+ RISK: Susp Entropy
idle: [....29] [ip4][..tcp] [....2.22.236.51][...80] -> [..192.168.0.103][44151]
end: [.....5] [ip4][..tcp] [..192.168.0.103][44379] -> [...82.85.26.186][...80] [HTTP.Instagram][Unknown][SocialNetwork][Fun]
idle: [....12] [ip4][..tcp] [....31.13.93.52][..443] -> [..192.168.0.103][33934] [TLS][Facebook][Web][Safe]
@@ -225,6 +228,7 @@
not-detected: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520] [Unknown][Unknown][Unrated]
idle: [....11] [ip4][..udp] [....192.168.0.1][..520] -> [..192.168.0.255][..520]
guessed: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562] [HTTP][Unknown][Web][Acceptable][]
+ RISK: Susp Entropy
idle: [....25] [ip4][..tcp] [..92.122.48.138][...80] -> [..192.168.0.103][41562]
new: [....37] [ip4][..tcp] [...192.168.2.17][49360] -> [....31.13.86.52][..443]
new: [....38] [ip4][..tcp] [...192.168.2.17][49361] -> [....31.13.86.52][..443]
diff --git a/test/results/flow-info/default/kerberos.pcap.out b/test/results/flow-info/default/kerberos.pcap.out
index b64d1fa07..f7ae85f6e 100644
--- a/test/results/flow-info/default/kerberos.pcap.out
+++ b/test/results/flow-info/default/kerberos.pcap.out
@@ -52,8 +52,10 @@
new: [....35] [ip4][..tcp] [...172.16.8.201][49196] -> [.....172.16.8.8][...88] [MIDSTREAM]
new: [....36] [ip4][..tcp] [...172.16.8.201][49194] -> [.....172.16.8.8][..445] [MIDSTREAM]
not-detected: [....11] [ip4][..tcp] [...172.16.8.201][49165] -> [.....172.16.8.8][49155] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
idle: [....11] [ip4][..tcp] [...172.16.8.201][49165] -> [.....172.16.8.8][49155]
not-detected: [....26] [ip4][..tcp] [...172.16.8.201][49185] -> [.....172.16.8.8][49155] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
idle: [....26] [ip4][..tcp] [...172.16.8.201][49185] -> [.....172.16.8.8][49155]
idle: [.....1] [ip4][..tcp] [...172.16.8.201][49157] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
idle: [.....2] [ip4][..tcp] [...172.16.8.201][49158] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
@@ -70,6 +72,7 @@
idle: [....13] [ip4][..tcp] [...172.16.8.201][49170] -> [.....172.16.8.8][...88]
idle: [....14] [ip4][..tcp] [...172.16.8.201][49171] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
guessed: [....15] [ip4][..tcp] [...172.16.8.201][49173] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
+ RISK: Susp Entropy
idle: [....15] [ip4][..tcp] [...172.16.8.201][49173] -> [.....172.16.8.8][...88]
guessed: [....17] [ip4][..tcp] [...172.16.8.201][49175] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
idle: [....17] [ip4][..tcp] [...172.16.8.201][49175] -> [.....172.16.8.8][...88]
@@ -93,23 +96,33 @@
guessed: [....35] [ip4][..tcp] [...172.16.8.201][49196] -> [.....172.16.8.8][...88] [Kerberos][Unknown][Network][Acceptable]
idle: [....35] [ip4][..tcp] [...172.16.8.201][49196] -> [.....172.16.8.8][...88]
guessed: [.....7] [ip4][..tcp] [...172.16.8.201][49161] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [.....7] [ip4][..tcp] [...172.16.8.201][49161] -> [.....172.16.8.8][..389]
guessed: [....12] [ip4][..tcp] [...172.16.8.201][49169] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....12] [ip4][..tcp] [...172.16.8.201][49169] -> [.....172.16.8.8][..389]
guessed: [....16] [ip4][..tcp] [...172.16.8.201][49172] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....16] [ip4][..tcp] [...172.16.8.201][49172] -> [.....172.16.8.8][..389]
guessed: [....20] [ip4][..tcp] [...172.16.8.201][49179] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....20] [ip4][..tcp] [...172.16.8.201][49179] -> [.....172.16.8.8][..389]
guessed: [....21] [ip4][..tcp] [...172.16.8.201][49180] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....21] [ip4][..tcp] [...172.16.8.201][49180] -> [.....172.16.8.8][..389]
guessed: [....32] [ip4][..tcp] [...172.16.8.201][49191] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....32] [ip4][..tcp] [...172.16.8.201][49191] -> [.....172.16.8.8][..389]
guessed: [....33] [ip4][..tcp] [...172.16.8.201][49193] -> [.....172.16.8.8][..389] [LDAP][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....33] [ip4][..tcp] [...172.16.8.201][49193] -> [.....172.16.8.8][..389]
guessed: [.....5] [ip4][..tcp] [...172.16.8.201][49156] -> [.....172.16.8.8][..445] [SMBv23][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [.....5] [ip4][..tcp] [...172.16.8.201][49156] -> [.....172.16.8.8][..445]
guessed: [....19] [ip4][..tcp] [...172.16.8.201][49174] -> [.....172.16.8.8][..445] [SMBv23][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....19] [ip4][..tcp] [...172.16.8.201][49174] -> [.....172.16.8.8][..445]
guessed: [....36] [ip4][..tcp] [...172.16.8.201][49194] -> [.....172.16.8.8][..445] [SMBv23][Unknown][System][Acceptable]
+ RISK: Susp Entropy
idle: [....36] [ip4][..tcp] [...172.16.8.201][49194] -> [.....172.16.8.8][..445]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/kontiki.pcap.out b/test/results/flow-info/default/kontiki.pcap.out
index d80aaf2ef..b9df63015 100644
--- a/test/results/flow-info/default/kontiki.pcap.out
+++ b/test/results/flow-info/default/kontiki.pcap.out
@@ -36,6 +36,7 @@
not-detected: [.....1] [ip4][..udp] [....10.25.32.59][19948] -> [255.255.255.255][19948] [Unknown][Unknown][Unrated]
idle: [.....1] [ip4][..udp] [....10.25.32.59][19948] -> [255.255.255.255][19948]
not-detected: [.....2] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.82][.1948] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
idle: [.....2] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.82][.1948]
idle: [.....5] [ip4][..udp] [....10.25.32.59][19948] -> [..64.200.148.88][...80] [Kontiki][Unknown][Media][Potentially Dangerous]
RISK: Unsafe Protocol
diff --git a/test/results/flow-info/default/lru_ipv6_caches.pcapng.out b/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
index 9fb54e98e..8d8174ec0 100644
--- a/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
+++ b/test/results/flow-info/default/lru_ipv6_caches.pcapng.out
@@ -24,6 +24,8 @@
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144]
detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe][]
RISK: Unidirectional Traffic
@@ -43,8 +45,12 @@
RISK: Unidirectional Traffic
new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable]
RISK: Unidirectional Traffic
idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable]
@@ -60,9 +66,12 @@
idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [STUN][Unknown][Network][Acceptable]
idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Unidirectional Traffic
idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/netflix.pcap.out b/test/results/flow-info/default/netflix.pcap.out
index 02d78dc9a..6cca6ebd9 100644
--- a/test/results/flow-info/default/netflix.pcap.out
+++ b/test/results/flow-info/default/netflix.pcap.out
@@ -162,7 +162,7 @@
detected: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.145]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.145]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
analyse: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.004| 0.651| 0.082| 0.154| 23582.077| 3.600]
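Review bot: `Binary App Transfer` is removed from flow 30 and replaced by `Binary file/data transfer (attempt)`, whereas emotet.pcap.out and exe_download.pcap.out keep the old label and only gain the new one. Any detection rule or dashboard that matches the literal string `Binary App Transfer` will stop firing on these Netflix download flows after the bump. That is presumably the intended narrowing of the old risk to executable content, but the commit does not say so. The remaining netflix.pcap.out hunks show the same replacement, and the new label is appended after `HTTP/TLS/QUIC Numeric Hostname/SNI` rather than taking the old position, which matters to anything parsing the list by order. A line in the commit body naming the replaced risk string would let downstream users adjust their filters.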
@@ -177,12 +177,12 @@
detected: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP][NetFlix][Web][Acceptable][23.246.10.139]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP][NetFlix][Download][Acceptable][23.246.10.139]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
new: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80]
detected: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Web][Acceptable][23.246.3.140]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable][23.246.3.140]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
analyse: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.002| 0.044| 0.018| 0.010| 100.655| 4.700]
@@ -213,7 +213,7 @@
detected: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.133]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detected: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detected: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
@@ -223,31 +223,31 @@
detected: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.133]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detected: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detected: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detected: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
analyse: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 2.098| 0.201| 0.403| 162731.114| 3.600]
@@ -375,13 +375,13 @@
detected: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Web][Acceptable][23.246.3.140]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
new: [....46] [ip4][..tcp] [....192.168.1.7][53193] -> [...54.191.17.51][..443]
new: [....47] [ip4][..tcp] [....192.168.1.7][53202] -> [...54.191.17.51][..443]
new: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53]
detected: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
detection-update: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable][23.246.3.140]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
detection-update: [....48] [ip4][..udp] [....192.168.1.7][60962] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun][ichnaea.geo.netflix.com]
new: [....49] [ip4][..tcp] [....192.168.1.7][53203] -> [...52.37.36.252][..443]
analyse: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
@@ -443,7 +443,7 @@
detected: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.133]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.133]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
update: [....10] [ip4][..udp] [....192.168.1.7][53776] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
update: [.....2] [ip4][..udp] [....192.168.1.7][51543] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
update: [....17] [ip4][..udp] [....192.168.1.7][57719] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
@@ -453,7 +453,7 @@
detected: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Web][Acceptable][23.246.11.141]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable][23.246.11.141]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
update: [....19] [ip4][..udp] [....192.168.1.7][59180] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
update: [....26] [ip4][..udp] [....192.168.1.7][51728] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
update: [....23] [ip4][..udp] [....192.168.1.7][58102] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
@@ -595,41 +595,41 @@
idle: [.....3] [ip4][..udp] [....192.168.1.7][52116] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
idle: [....27] [ip4][..udp] [....192.168.1.7][52347] -> [....192.168.1.1][...53] [DNS.NetFlix][Unknown][Network][Fun]
end: [....30] [ip4][..tcp] [....192.168.1.7][53163] -> [..23.246.11.145][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
idle: [....31] [ip4][..tcp] [....192.168.1.7][53164] -> [..23.246.10.139][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....32] [ip4][..tcp] [....192.168.1.7][53171] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....33] [ip4][..tcp] [....192.168.1.7][53172] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....34] [ip4][..tcp] [....192.168.1.7][53173] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....35] [ip4][..tcp] [....192.168.1.7][53174] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....36] [ip4][..tcp] [....192.168.1.7][53175] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....37] [ip4][..tcp] [....192.168.1.7][53176] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....38] [ip4][..tcp] [....192.168.1.7][53177] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....39] [ip4][..tcp] [....192.168.1.7][53178] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....40] [ip4][..tcp] [....192.168.1.7][53179] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....41] [ip4][..tcp] [....192.168.1.7][53180] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....42] [ip4][..tcp] [....192.168.1.7][53181] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [....43] [ip4][..tcp] [....192.168.1.7][53182] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
idle: [....44] [ip4][..tcp] [....192.168.1.7][53183] -> [...23.246.3.140][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
idle: [....45] [ip4][..tcp] [....192.168.1.7][53184] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
idle: [....50] [ip4][..tcp] [....192.168.1.7][53210] -> [..23.246.11.133][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
idle: [....51] [ip4][..tcp] [....192.168.1.7][53217] -> [..23.246.11.141][...80] [HTTP][NetFlix][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
end: [.....4] [ip4][..tcp] [....192.168.1.7][53105] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
end: [.....9] [ip4][..tcp] [....192.168.1.7][53118] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
end: [....11] [ip4][..tcp] [....192.168.1.7][53119] -> [..54.69.204.241][..443] [TLS.NetFlix][AmazonAWS][Video][Fun]
diff --git a/test/results/flow-info/default/nintendo.pcap.out b/test/results/flow-info/default/nintendo.pcap.out
index 6ae46c3c5..416910ee0 100644
--- a/test/results/flow-info/default/nintendo.pcap.out
+++ b/test/results/flow-info/default/nintendo.pcap.out
@@ -123,7 +123,7 @@
idle: [....19] [ip4][..udp] [.192.168.12.114][55915] -> [.93.237.131.235][56066] [Nintendo][Unknown][Game][Fun]
idle: [.....5] [ip4][..udp] [.192.168.12.114][52119] -> [...35.158.74.61][33335] [Nintendo][AmazonAWS][Game][Fun]
guessed: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343] [AmazonAWS][AmazonAWS][Cloud][Acceptable]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [.....6] [ip4][..udp] [.192.168.12.114][52119] -> [..52.10.205.177][34343]
end: [.....8] [ip4][..tcp] [.192.168.12.114][41517] -> [..54.192.27.217][..443] [TLS.Nintendo][AmazonAWS][Game][Fun]
RISK: TLS (probably) Not Carrying HTTPS
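Review bot: `Susp Entropy` is newly pinned on flow 6 here, which is only port/IP-guessed as AmazonAWS, and the commit description does not mention that the bump starts emitting this risk. It is added the same way in riot.pcapng.out (flow 1, guessed TLS on port 443, still rated Safe) and in pps.pcap.out (undetected UDP flows 1 and 2). For the riot case a high-entropy payload is what encrypted TLS records would normally look like, so that expectation may be recording a false positive; it is worth confirming against the upstream change before it becomes the baseline. A description line such as `* new "Susp Entropy" risk on guessed/undetected flows (nintendo, pps, riot)` would let consumers adjust their alert thresholds.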
diff --git a/test/results/flow-info/default/portable_executable.pcap.out b/test/results/flow-info/default/portable_executable.pcap.out
new file mode 100644
index 000000000..973ba812c
--- /dev/null
+++ b/test/results/flow-info/default/portable_executable.pcap.out
@@ -0,0 +1,12 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444]
+ new: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652]
+ not-detected: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444] [Unknown][Unknown][Unrated]
+ RISK: Binary App Transfer
+ idle: [.....1] [ip4][..tcp] [..172.16.99.201][.1732] -> [..64.227.107.71][.4444]
+ guessed: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652] [DNS][Unknown][Network][Acceptable][]
+ RISK: Binary App Transfer, Malformed Packet
+ idle: [.....2] [ip4][..tcp] [..64.227.107.71][...53] -> [...172.16.99.10][49652]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/pps.pcap.out b/test/results/flow-info/default/pps.pcap.out
index 70ebd04c1..1877cc50a 100644
--- a/test/results/flow-info/default/pps.pcap.out
+++ b/test/results/flow-info/default/pps.pcap.out
@@ -162,7 +162,7 @@
new: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900]
detected: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
detection-update: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][AVAST][Download][Safe][bcu.ff.avast.com]
- RISK: HTTP Susp User-Agent, HTTP Obsolete Server
+ RISK: HTTP Susp User-Agent, HTTP Obsolete Server, Binary file/data transfer (attempt)
new: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [MIDSTREAM]
detected: [....56] [ip4][..tcp] [..192.168.115.8][50487] -> [.202.108.14.219][...80] [HTTP][Unknown][Streaming][Acceptable][msg.71.am]
new: [....57] [ip4][..tcp] [..192.168.115.8][50488] -> [..223.26.106.20][...80] [MIDSTREAM]
@@ -196,7 +196,7 @@
detection-update: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Unknown][Web][Acceptable][223.26.106.66]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Unidirectional Traffic
detection-update: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Unknown][Download][Acceptable][223.26.106.66]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
new: [....65] [ip4][..udp] [...192.168.5.48][63930] -> [239.255.255.250][.1900]
detected: [....65] [ip4][..udp] [...192.168.5.48][63930] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900]
new: [....66] [ip4][..tcp] [..192.168.115.8][50495] -> [.202.108.14.236][...80] [MIDSTREAM]
@@ -284,7 +284,7 @@
new: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [MIDSTREAM]
detected: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
detection-update: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [MIDSTREAM]
detected: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [HTTP][Unknown][Streaming][Acceptable][msg.71.am]
new: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900]
@@ -294,7 +294,7 @@
new: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [MIDSTREAM]
detected: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
detection-update: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [MIDSTREAM]
detected: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [HTTP][Unknown][Web][Acceptable][]
RISK: HTTP Susp User-Agent, HTTP Obsolete Server
@@ -306,17 +306,17 @@
new: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [MIDSTREAM]
detected: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
detection-update: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [MIDSTREAM]
detected: [....89] [ip4][..tcp] [..192.168.115.8][50509] -> [.106.38.219.107][...80] [HTTP][Unknown][Web][Acceptable][iplocation.geo.qiyi.com]
new: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [MIDSTREAM]
detected: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
detection-update: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [MIDSTREAM]
detected: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Unknown][Web][Acceptable][static.qiyi.com]
detection-update: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [MIDSTREAM]
detected: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [HTTP][Unknown][Web][Acceptable][msg.video.qiyi.com]
new: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [MIDSTREAM]
@@ -324,7 +324,7 @@
detection-update: [....92] [ip4][..tcp] [..192.168.115.8][50765] -> [..36.110.220.15][...80] [HTTP][Unknown][Web][Acceptable][msg.video.qiyi.com]
RISK: HTTP Obsolete Server
detection-update: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable][static.qiyi.com]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [MIDSTREAM]
detected: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [HTTP.PPStream][Unknown][Streaming][Fun][api.cupid.iqiyi.com]
detection-update: [....94] [ip4][..tcp] [..192.168.115.8][50769] -> [.101.227.200.11][...80] [HTTP.PPStream][Unknown][Streaming][Fun][api.cupid.iqiyi.com]
@@ -370,16 +370,16 @@
detected: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun][preimage1.qiyipic.com]
new: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [MIDSTREAM]
detected: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP][AVAST][Download][Acceptable][]
- RISK: Binary App Transfer, HTTP Susp User-Agent
+ RISK: HTTP Susp User-Agent, Binary file/data transfer (attempt)
detection-update: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP][AVAST][Download][Acceptable][]
- RISK: Binary App Transfer, HTTP Susp User-Agent, Unidirectional Traffic
+ RISK: HTTP Susp User-Agent, Unidirectional Traffic, Binary file/data transfer (attempt)
detection-update: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.Cybersec][AVAST][Cybersecurity][Safe][su.ff.avast.com]
- RISK: HTTP Susp User-Agent
+ RISK: HTTP Susp User-Agent, Binary file/data transfer (attempt)
not-detected: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [....22] [ip4][..udp] [..192.168.115.8][22793] -> [.222.26.193.119][.7133]
idle: [....54] [ip4][..tcp] [..192.168.115.8][50486] -> [...77.234.40.96][...80] [HTTP.Cybersec][AVAST][Download][Safe]
- RISK: HTTP Susp User-Agent, HTTP Obsolete Server
+ RISK: HTTP Susp User-Agent, HTTP Obsolete Server, Binary file/data transfer (attempt)
not-detected: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [....25] [ip4][..udp] [..192.168.115.8][22793] -> [.115.157.62.243][29006]
@@ -411,13 +411,13 @@
idle: [....60] [ip4][..tcp] [..192.168.115.8][50491] -> [..223.26.106.66][...80] [HTTP][Unknown][Web][Acceptable]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
idle: [....63] [ip4][..tcp] [..192.168.115.8][50494] -> [..223.26.106.66][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
idle: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [....85] [ip4][..tcp] [..192.168.115.8][50507] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [....88] [ip4][..tcp] [..192.168.115.8][50508] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
not-detected: [....32] [ip4][..udp] [..192.168.115.8][22793] -> [..114.47.91.129][22576] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [....32] [ip4][..udp] [..192.168.115.8][22793] -> [..114.47.91.129][22576]
@@ -433,11 +433,11 @@
RISK: Unidirectional Traffic
idle: [.....6] [ip4][..udp] [..192.168.115.8][22793] -> [.111.249.53.196][32443]
idle: [....90] [ip4][..tcp] [..192.168.115.8][50766] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [....91] [ip4][..tcp] [..192.168.115.8][50767] -> [..223.26.106.20][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [....93] [ip4][..tcp] [..192.168.115.8][50768] -> [..223.26.106.19][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun]
idle: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun]
idle: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Unknown][Streaming][Fun]
@@ -458,6 +458,7 @@
not-detected: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] [Unknown][Unknown][Unrated]
idle: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956]
not-detected: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
idle: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793]
guessed: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [HTTP][Unknown][Web][Acceptable][]
RISK: Unidirectional Traffic
@@ -499,7 +500,7 @@
idle: [....86] [ip4][..tcp] [.202.108.14.219][...80] -> [..192.168.115.8][50506] [HTTP][Unknown][Web][Acceptable]
RISK: HTTP Susp User-Agent, HTTP Obsolete Server
idle: [...107] [ip4][..tcp] [...77.234.41.35][...80] -> [..192.168.115.8][49174] [HTTP.Cybersec][AVAST][Cybersecurity][Safe]
- RISK: HTTP Susp User-Agent
+ RISK: HTTP Susp User-Agent, Binary file/data transfer (attempt)
not-detected: [....23] [ip4][..udp] [..192.168.115.8][22793] -> [.114.37.142.173][.1074] [Unknown][Unknown][Unrated]
RISK: Unidirectional Traffic
idle: [....23] [ip4][..udp] [..192.168.115.8][22793] -> [.114.37.142.173][.1074]
@@ -576,6 +577,7 @@
idle: [....17] [ip4][..udp] [..192.168.115.8][22793] -> [.111.117.101.81][10162]
idle: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
not-detected: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
idle: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793]
not-detected: [.....5] [ip4][..udp] [..192.168.115.8][22793] -> [...202.198.7.89][16039] [Unknown][Unknown][Unrated]
idle: [.....5] [ip4][..udp] [..192.168.115.8][22793] -> [...202.198.7.89][16039]
diff --git a/test/results/flow-info/default/quickplay.pcap.out b/test/results/flow-info/default/quickplay.pcap.out
index 3244ce908..cbbe5a432 100644
--- a/test/results/flow-info/default/quickplay.pcap.out
+++ b/test/results/flow-info/default/quickplay.pcap.out
@@ -41,14 +41,14 @@
detected: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Chat][Fun][hkextshort.weixin.qq.com]
RISK: Known Proto on Non Std Port
detection-update: [....12] [ip4][..tcp] [..10.54.169.250][42761] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkextshort.weixin.qq.com]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
detection-update: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Download][Fun][hkextshort.weixin.qq.com]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
new: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [MIDSTREAM]
detected: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Chat][Fun][hkextshort.weixin.qq.com]
RISK: Known Proto on Non Std Port
detection-update: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkextshort.weixin.qq.com]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
analyse: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: 0.183| 5.871| 2.460| 1.331| 1772261.736| 4.700]
@@ -63,13 +63,13 @@
detected: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Chat][Fun][hkminorshort.weixin.qq.com]
RISK: Known Proto on Non Std Port
detection-update: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun][hkminorshort.weixin.qq.com]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
new: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [MIDSTREAM]
detected: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Acceptable][api.account.xiaomi.com]
new: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [MIDSTREAM]
detected: [....17] [ip4][..tcp] [..10.54.169.250][52017] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable][vod-singtelhawk.quickplay.com]
end: [....13] [ip4][..tcp] [..10.54.169.250][54885] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Download][Fun]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
new: [....18] [ip4][..tcp] [..10.54.169.250][52018] -> [...120.28.35.40][...80] [MIDSTREAM]
detected: [....18] [ip4][..tcp] [..10.54.169.250][52018] -> [...120.28.35.40][...80] [HTTP][Unknown][Streaming][Acceptable][vod-singtelhawk.quickplay.com]
new: [....19] [ip4][..tcp] [..10.54.169.250][52019] -> [...120.28.35.40][...80] [MIDSTREAM]
@@ -84,9 +84,9 @@
idle: [....10] [ip4][..tcp] [..10.54.169.250][54883] -> [203.205.151.160][...80] [HTTP_Proxy.QQ][Unknown][Chat][Fun]
RISK: Known Proto on Non Std Port
idle: [....12] [ip4][..tcp] [..10.54.169.250][42761] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
idle: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
idle: [.....3] [ip4][..tcp] [..10.54.169.250][33064] -> [....120.28.5.18][...80] [HTTP][Unknown][Streaming][Acceptable]
idle: [.....6] [ip4][..tcp] [..10.54.169.250][33277] -> [..120.28.26.231][...80] [HTTP.Google][Unknown][Web][Acceptable]
idle: [....16] [ip4][..tcp] [..10.54.169.250][56381] -> [..54.179.140.65][...80] [HTTP.Xiaomi][AmazonAWS][Web][Acceptable]
@@ -100,6 +100,6 @@
idle: [.....4] [ip4][..tcp] [..10.54.169.250][52285] -> [..173.252.74.22][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun]
idle: [.....5] [ip4][..tcp] [..10.54.169.250][52288] -> [..173.252.74.22][...80] [HTTP.Facebook][Facebook][SocialNetwork][Fun]
idle: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Tencent][Download][Fun]
- RISK: Binary App Transfer, Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Binary file/data transfer (attempt)
idle: [.....8] [ip4][..tcp] [..10.54.169.250][44256] -> [....120.28.5.41][...80] [HTTP][Unknown][Streaming][Acceptable]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/riot.pcapng.out b/test/results/flow-info/default/riot.pcapng.out
index 5386bea30..a0388ef6d 100644
--- a/test/results/flow-info/default/riot.pcapng.out
+++ b/test/results/flow-info/default/riot.pcapng.out
@@ -9,7 +9,7 @@
detection-update: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [TLS.RiotGames][GoogleCloud][Game][Fun][]
RISK: Unidirectional Traffic
guessed: [.....1] [ip4][..tcp] [..52.41.135.135][..443] -> [..192.168.26.22][51817] [TLS][AmazonAWS][Web][Safe]
- RISK: Unidirectional Traffic
+ RISK: Susp Entropy, Unidirectional Traffic
idle: [.....1] [ip4][..tcp] [..52.41.135.135][..443] -> [..192.168.26.22][51817]
idle: [.....2] [ip4][..tcp] [..35.234.85.218][..443] -> [..192.168.26.22][51949] [TLS.RiotGames][GoogleCloud][Game][Fun]
RISK: Unidirectional Traffic
diff --git a/test/results/flow-info/default/shell.pcap.out b/test/results/flow-info/default/shell.pcap.out
new file mode 100644
index 000000000..a8902a531
--- /dev/null
+++ b/test/results/flow-info/default/shell.pcap.out
@@ -0,0 +1,20 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..tcp] [......127.0.0.1][47638] -> [......127.0.0.1][33333]
+ new: [.....2] [ip4][..udp] [......127.0.0.1][54112] -> [......127.0.0.1][33333]
+ new: [.....3] [ip4][..udp] [......127.0.0.1][58538] -> [......127.0.0.1][33333]
+ new: [.....4] [ip4][..tcp] [......127.0.0.1][54970] -> [......127.0.0.1][33333]
+ not-detected: [.....4] [ip4][..tcp] [......127.0.0.1][54970] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+ RISK: Possible Exploit Attempt
+ end: [.....4] [ip4][..tcp] [......127.0.0.1][54970] -> [......127.0.0.1][33333]
+ not-detected: [.....1] [ip4][..tcp] [......127.0.0.1][47638] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+ RISK: Possible Exploit Attempt
+ end: [.....1] [ip4][..tcp] [......127.0.0.1][47638] -> [......127.0.0.1][33333]
+ not-detected: [.....2] [ip4][..udp] [......127.0.0.1][54112] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+ RISK: Possible Exploit Attempt, Unidirectional Traffic
+ idle: [.....2] [ip4][..udp] [......127.0.0.1][54112] -> [......127.0.0.1][33333]
+ not-detected: [.....3] [ip4][..udp] [......127.0.0.1][58538] -> [......127.0.0.1][33333] [Unknown][Unknown][Unrated]
+ RISK: Possible Exploit Attempt, Unidirectional Traffic
+ idle: [.....3] [ip4][..udp] [......127.0.0.1][58538] -> [......127.0.0.1][33333]
+ DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out
index 0063aa839..b710f8d60 100644
--- a/test/results/flow-info/default/starcraft_battle.pcap.out
+++ b/test/results/flow-info/default/starcraft_battle.pcap.out
@@ -47,7 +47,7 @@
detected: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Web][Acceptable][llnw.blizzard.com]
RISK: Susp DGA Domain name
detection-update: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable][llnw.blizzard.com]
- RISK: Binary App Transfer, Susp DGA Domain name
+ RISK: Susp DGA Domain name, Binary file/data transfer (attempt)
analyse: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.072| 0.012| 0.024| 562.008| 2.800]
@@ -212,7 +212,7 @@
end: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443]
idle: [....12] [ip4][..udp] [..192.168.1.254][38605] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
end: [....15] [ip4][..tcp] [..192.168.1.100][.3508] -> [.87.248.221.254][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer, Susp DGA Domain name
+ RISK: Susp DGA Domain name, Binary file/data transfer (attempt)
guessed: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476] [TLS][Unknown][Web][Safe]
RISK: Unidirectional Traffic, TCP Connection Issues
end: [.....3] [ip4][..tcp] [..80.239.186.26][..443] -> [..192.168.1.100][.3476]
diff --git a/test/results/flow-info/default/stun_signal.pcapng.out b/test/results/flow-info/default/stun_signal.pcapng.out
index 03a937b31..94036af3b 100644
--- a/test/results/flow-info/default/stun_signal.pcapng.out
+++ b/test/results/flow-info/default/stun_signal.pcapng.out
@@ -33,6 +33,10 @@
RISK: Known Proto on Non Std Port, Unidirectional Traffic
detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478]
detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
new: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443]
@@ -49,6 +53,18 @@
RISK: Known Proto on Non Std Port
new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478]
detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ detection-update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156]
detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -76,11 +92,11 @@
update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302]
@@ -95,12 +111,30 @@
new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443]
detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478]
detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478]
detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
+ detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Unidirectional Traffic
new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169]
detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable]
+ detection-update: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org]
+ detection-update: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ detection-update: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054]
detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -119,13 +153,13 @@
[ENTROPIES...: 5.9,5.8,5.9,5.7,5.9,5.8,5.8,6.0,5.8,5.8,5.9,5.8,5.8,5.2,5.7,5.1,5.8,5.8,5.9,5.7,5.7,5.9,5.2,5.1,5.1,5.8,5.9,5.8,5.1,5.8,5.8,5.8]
update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
@@ -133,7 +167,7 @@
idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
@@ -141,23 +175,23 @@
idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ RISK: Known Proto on Non Std Port
idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
- idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable]
diff --git a/test/results/flow-info/default/stun_wa_call.pcapng.out b/test/results/flow-info/default/stun_wa_call.pcapng.out
index 373cf7725..c76506e55 100644
--- a/test/results/flow-info/default/stun_wa_call.pcapng.out
+++ b/test/results/flow-info/default/stun_wa_call.pcapng.out
@@ -77,6 +77,10 @@
new: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107]
detected: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156]
detected: [....13] [ip4][.icmp] [..93.63.100.129] -> [.192.168.12.156] [ICMP][Unknown][Network][Acceptable]
update: [.....2] [ip4][..udp] [.192.168.12.156][46652] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
@@ -89,8 +93,8 @@
idle: [.....8] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.196.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [.....6] [ip4][..udp] [.192.168.12.156][49526] -> [.157.240.203.62][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....11] [ip4][..udp] [.192.168.12.156][49526] -> [...10.82.40.241][40436] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
- idle: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....12] [ip4][..udp] [.192.168.12.156][49526] -> [...93.33.118.87][41107] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [.....9] [ip4][..udp] [.192.168.12.156][49526] -> [..179.60.192.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
idle: [....10] [ip4][..udp] [.192.168.12.156][49526] -> [..185.60.216.51][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
diff --git a/test/results/flow-info/default/teams.pcap.out b/test/results/flow-info/default/teams.pcap.out
index 0f51670c4..9c24be31a 100644
--- a/test/results/flow-info/default/teams.pcap.out
+++ b/test/results/flow-info/default/teams.pcap.out
@@ -369,7 +369,7 @@
detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
- detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
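Review bot: The new expected `detected` line for flow 68 pins a run of non-printable bytes (rendered as `?`) followed by a stray `]` as the last bracketed field, where the old baseline had an empty `[]`. That value looks like raw packet data rather than a name, presumably produced by the bumped libnDPI's STUN handling, and accepting it into the baseline makes the test suite assert that unvalidated bytes reach the output. The embedded `]` also makes the bracket-delimited line ambiguous for anything that parses it, and unescaped bytes in an event stream are a log-injection concern for downstream consumers. The same kind of value is pinned for flows 70, 69 and 71 in the `@@ -377,11 +377,13 @@` hunk and repeated in `@@ -412,6 +414,12 @@`. I would keep the expectation at `[STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]` until the field is checked for printable characters, or escaped, before it is emitted.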
@@ -377,11 +377,13 @@
detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
- detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
@@ -412,6 +414,12 @@
new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+ RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
@@ -428,6 +436,10 @@
[IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
[PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
[ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
@@ -460,11 +472,11 @@
idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
@@ -516,6 +528,7 @@
RISK: Known Proto on Non Std Port
idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+ RISK: Susp Entropy
idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
diff --git a/test/results/flow-info/default/telegram_videocall.pcapng.out b/test/results/flow-info/default/telegram_videocall.pcapng.out
index b51a9755a..d21678e9e 100644
--- a/test/results/flow-info/default/telegram_videocall.pcapng.out
+++ b/test/results/flow-info/default/telegram_videocall.pcapng.out
@@ -91,24 +91,24 @@
detection-update: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org]
RISK: Known Proto on Non Std Port
new: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554]
- detected: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+ detected: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
new: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554]
- detected: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+ detected: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
new: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393]
- detected: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable][]
+ detected: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
new: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393]
- detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable][]
+ detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+ detection-update: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
- detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable][]
+ detection-update: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2]
detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
- analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable]
+ analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.475| 0.052| 0.095| 9109.989| 3.600]
[PKTLEN......: 49.000| 265.000| 106.200| 48.900| 2396.000| 4.900]
@@ -167,7 +167,7 @@
RISK: Known Proto on Non Std Port
idle: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable]
+ idle: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable]
@@ -179,11 +179,11 @@
idle: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] [Telegram][Telegram][Chat][Acceptable]
idle: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN][Unknown][Network][Acceptable]
+ idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable]
+ idle: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
@@ -197,7 +197,7 @@
idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222]
idle: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
- idle: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN][Unknown][Network][Acceptable]
+ idle: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
diff --git a/test/results/flow-info/default/tls_certificate_too_long.pcap.out b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
index 54c925f2d..2d0586881 100644
--- a/test/results/flow-info/default/tls_certificate_too_long.pcap.out
+++ b/test/results/flow-info/default/tls_certificate_too_long.pcap.out
@@ -55,11 +55,11 @@
detected: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
detection-update: [....17] [ip4][..udp] [..192.168.1.121][54561] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable][e13678.dscb.akamaiedge.net]
detection-update: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
- RISK: HTTP Susp Header
+ RISK: HTTP Susp Header, Binary file/data transfer (attempt)
new: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80]
detected: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Cloud][Safe][www.microsoft.com]
detection-update: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe][www.microsoft.com]
- RISK: HTTP Susp Header
+ RISK: HTTP Susp Header, Binary file/data transfer (attempt)
new: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [MIDSTREAM]
new: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53]
detected: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe][time-macos.apple.com]
@@ -136,9 +136,9 @@
idle: [.....8] [ip4][....2] [..192.168.1.139] -> [....224.0.0.251] [IGMP][Unknown][Network][Acceptable]
idle: [.....7] [ip4][....2] [..192.168.1.139] -> [......224.0.0.2] [IGMP][Unknown][Network][Acceptable]
end: [....18] [ip4][..tcp] [..192.168.1.121][53912] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe]
- RISK: HTTP Susp Header
+ RISK: HTTP Susp Header, Binary file/data transfer (attempt)
end: [....19] [ip4][..tcp] [..192.168.1.121][53913] -> [....2.22.33.235][...80] [HTTP.Microsoft][Unknown][Download][Safe]
- RISK: HTTP Susp Header
+ RISK: HTTP Susp Header, Binary file/data transfer (attempt)
idle: [....14] [ip4][..udp] [..192.168.1.121][51364] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe]
idle: [.....9] [ip4][..udp] [..192.168.1.121][55567] -> [........8.8.8.8][...53] [DNS.Microsoft][Google][Network][Safe]
idle: [....16] [ip4][..udp] [..192.168.1.121][55578] -> [........8.8.8.8][...53] [DNS][Google][Network][Acceptable]
@@ -178,6 +178,7 @@
idle: [.....5] [ip6][..udp] [..............fe80::1059:a858:f9e7:cf94][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
end: [....20] [ip4][..tcp] [..192.168.1.121][53905] -> [..140.82.113.26][..443] [TLS][Github][Web][Safe]
not-detected: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367] [Unknown][Unknown][Unrated]
+ RISK: Susp Entropy
idle: [.....2] [ip4][..tcp] [..192.168.1.121][52721] -> [..192.168.1.139][55367]
idle: [....21] [ip4][..udp] [..192.168.1.121][65213] -> [........8.8.8.8][...53] [DNS.Apple][Google][Network][Safe]
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/wa_video.pcap.out b/test/results/flow-info/default/wa_video.pcap.out
index ad11e60f8..c0ba900b5 100644
--- a/test/results/flow-info/default/wa_video.pcap.out
+++ b/test/results/flow-info/default/wa_video.pcap.out
@@ -59,6 +59,12 @@
new: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641]
detected: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
analyse: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.979| 0.150| 0.383| 146861.081| 2.700]
@@ -89,7 +95,8 @@
idle: [....11] [ip4][..udp] [...192.168.2.12][53688] -> [...91.252.56.51][32641] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
guessed: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222] [WhatsApp][WhatsApp][Chat][Acceptable]
+ RISK: Susp Entropy
idle: [.....2] [ip4][..tcp] [...192.168.2.12][49355] -> [..157.240.20.53][.5222]
idle: [....10] [ip4][..udp] [...192.168.2.12][53688] -> [.....1.60.78.64][59491] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/wa_voice.pcap.out b/test/results/flow-info/default/wa_voice.pcap.out
index 3c65b278b..de43affaf 100644
--- a/test/results/flow-info/default/wa_voice.pcap.out
+++ b/test/results/flow-info/default/wa_voice.pcap.out
@@ -99,6 +99,8 @@
new: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328]
detected: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....14] [ip4][..udp] [...192.168.2.12][56328] -> [....31.13.86.48][.3478] [STUN.WhatsAppCall][Facebook][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 12.196| 1.588| 3.050| 9304956.469| 3.200]
@@ -112,6 +114,10 @@
new: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282]
detected: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....23] [ip4][..udp] [...91.252.56.51][32704] -> [...192.168.2.12][56328] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 1.204| 0.182| 0.229| 52393.320| 4.200]
@@ -154,7 +160,7 @@
idle: [....12] [ip4][..udp] [...192.168.2.12][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [.....4] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
idle: [....24] [ip4][..udp] [...192.168.2.12][56328] -> [.....1.60.78.64][64282] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....26] [ip4][..udp] [...192.168.2.12][50191] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
idle: [.....7] [ip4][..tcp] [...192.168.2.12][50503] -> [....31.13.86.51][..443] [TLS.WhatsAppFiles][WhatsApp][Download][Acceptable]
idle: [....19] [ip4][..udp] [...192.168.2.12][64716] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable]
diff --git a/test/results/flow-info/default/waze.pcap.out b/test/results/flow-info/default/waze.pcap.out
index 753e6544a..d7404cdef 100644
--- a/test/results/flow-info/default/waze.pcap.out
+++ b/test/results/flow-info/default/waze.pcap.out
@@ -28,7 +28,7 @@
detection-update: [.....6] [ip4][..tcp] [.......10.8.0.1][36102] -> [..46.51.173.182][..443] [TLS.Waze][AmazonAWS][Web][Acceptable][]
RISK: Obsolete TLS (v1.1 or older), Weak TLS Cipher
detection-update: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable][xtra1.gpsonextra.net]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80]
new: [....10] [ip4][..tcp] [.......10.8.0.1][45540] -> [.54.230.227.172][...80]
detected: [.....9] [ip4][..tcp] [.......10.8.0.1][45538] -> [.54.230.227.172][...80] [HTTP.Waze][AmazonAWS][Web][Acceptable][cres.waze.com]
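Review bot: The risk label on the `detection-update` line for flow 3 changes from `Binary App Transfer` to `Binary file/data transfer (attempt)`, and the commit message does not tell consumers that a risk they may alert on has been renamed. The new wording suggests the risk now covers any file or data and only an attempt, so rules or dashboards matching the old string would stop firing, and updated ones should probably treat a hit as a weaker signal. The same rename is in the second waze hunk, the windowsupdate_over_http hunk (where the order of the two risks on the line also changes) and the 1kxun hunks under enable_payload_stat and ip_lists_disable. I would add a line such as `* risk "Binary App Transfer" is now "Binary file/data transfer (attempt)"` to the commit message and, if the event stream carries a numeric risk id, match on that rather than on the text.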
@@ -211,7 +211,7 @@
guessed: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80] [HTTP][Unknown][Web][Acceptable][]
end: [....28] [ip4][..tcp] [.......10.8.0.1][60574] -> [...200.160.4.49][...80]
end: [.....3] [ip4][..tcp] [.......10.8.0.1][54915] -> [..65.39.128.135][...80] [HTTP][Unknown][Download][Acceptable]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
guessed: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80] [HTTP][Unknown][Web][Acceptable][]
end: [....23] [ip4][..tcp] [...10.16.37.157][46473] -> [...200.160.4.49][...80]
guessed: [....30] [ip4][..tcp] [.......10.8.0.1][60479] -> [...200.160.4.49][..443] [TLS][Unknown][Web][Safe]
diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out
index a9fd8499b..4d8acc25f 100644
--- a/test/results/flow-info/default/wechat.pcap.out
+++ b/test/results/flow-info/default/wechat.pcap.out
@@ -216,6 +216,7 @@
[PKTLENS.....: 60,60,52,290,52,1480,52,1740,52,178,103,1225,429,52,250,1292,527,52,1480,216,52,1225,429,52,250,52,1140,1480,52,1480,52,1480]
[ENTROPIES...: 4.7,5.2,5.1,5.9,5.1,6.8,5.0,7.6,5.0,6.4,6.1,7.8,7.4,5.1,7.1,7.8,7.6,5.1,7.9,7.0,5.0,7.8,7.4,5.1,7.1,5.0,7.8,7.9,5.1,7.9,5.1,7.9]
guessed: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084] [TLS][Unknown][Web][Safe]
+ RISK: Susp Entropy
end: [.....1] [ip4][..tcp] [203.205.151.162][..443] -> [..192.168.1.103][54084]
guessed: [....15] [ip4][..tcp] [..192.168.1.103][54085] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe]
end: [....15] [ip4][..tcp] [..192.168.1.103][54085] -> [203.205.151.162][..443]
diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out
index 1bfa784db..99e555b67 100644
--- a/test/results/flow-info/default/weibo.pcap.out
+++ b/test/results/flow-info/default/weibo.pcap.out
@@ -201,6 +201,7 @@
idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
idle: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [QUIC][Google][Web][Acceptable]
+ RISK: Susp Entropy
idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361]
end: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun]
guessed: [.....7] [ip4][..tcp] [..192.168.1.105][59120] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable][]
@@ -210,6 +211,7 @@
guessed: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [TLS][Google][Web][Safe]
idle: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443]
guessed: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] [QUIC][Google][Web][Acceptable]
+ RISK: Susp Entropy
idle: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443]
idle: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun]
idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun]
diff --git a/test/results/flow-info/default/whatsapp_login_call.pcap.out b/test/results/flow-info/default/whatsapp_login_call.pcap.out
index afae754b5..25c80512f 100644
--- a/test/results/flow-info/default/whatsapp_login_call.pcap.out
+++ b/test/results/flow-info/default/whatsapp_login_call.pcap.out
@@ -126,7 +126,11 @@
new: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344]
detected: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
- analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ detection-update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ analyse: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.352| 0.131| 0.070| 4931.355| 4.700]
[PKTLEN......: 50.000| 337.000| 199.000| 98.800| 9763.600| 4.800]
@@ -210,6 +214,8 @@
new: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665]
detected: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
RISK: Known Proto on Non Std Port
+ detection-update: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
analyse: [....55] [ip4][..udp] [....192.168.2.4][52794] -> [..91.253.176.65][.9665] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
min| max| avg| stddev| variance| entropy
[IAT.........: < 0.001| 0.307| 0.114| 0.086| 7398.241| 4.500]
@@ -220,11 +226,11 @@
[IATS(ms)....: 304.3,307.4,8.4,89.9,31.9,6.5,226.2,154.2,0.0,188.0,0.3,163.9,163.4,160.1,21.8,153.7,0.1,168.1,122.6,138.9,158.5,186.7,16.2,65.9,114.2,83.7,193.2,164.5,1.3,77.1,55.4]
[PKTLENS.....: 72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171]
[ENTROPIES...: 5.6,5.6,5.6,5.5,5.6,6.3,6.4,7.3,6.7,5.2,7.0,6.6,7.1,7.0,6.2,6.5,6.6,5.2,6.7,6.6,6.7,6.7,6.7,6.4,6.3,6.5,6.9,6.5,6.9,5.2,6.6,6.7]
- update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Unknown][Network][Acceptable]
update: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
new: [....56] [ip4][..tcp] [....192.168.2.4][49197] -> [..17.167.142.39][..443] [MIDSTREAM]
update: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
update: [....42] [ip4][..udp] [169.254.166.207][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
@@ -294,13 +300,13 @@
RISK: Known Proto on Non Std Port
update: [....33] [ip4][..udp] [....192.168.2.1][17500] -> [..192.168.2.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
update: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
update: [....34] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ update: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
update: [....40] [ip4][.icmp] [....192.168.2.4] -> [..91.253.176.65] [ICMP][Unknown][Network][Acceptable]
update: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....41] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
idle: [.....1] [ip4][..tcp] [....192.168.2.4][49199] -> [..17.172.100.70][..993] [IMAPS][Apple][Email][Safe]
guessed: [....35] [ip4][..tcp] [....192.168.2.4][49194] -> [..93.62.150.157][..443] [TLS][Unknown][Web][Safe]
@@ -328,11 +334,11 @@
idle: [....45] [ip6][..udp] [...............fe80::c42c:3ff:fe60:6a64][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
end: [....14] [ip4][..tcp] [....192.168.2.4][49202] -> [.184.173.179.37][.5222] [WhatsApp][Unknown][Chat][Acceptable]
idle: [....54] [ip4][..udp] [....192.168.2.4][52794] -> [...1.194.90.191][51727] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
idle: [....16] [ip4][..tcp] [....192.168.2.4][49193] -> [..17.110.229.14][.5223] [ApplePush][Apple][Cloud][Acceptable]
idle: [....44] [ip4][..udp] [....192.168.2.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [....34] [ip4][..udp] [....192.168.2.1][57621] -> [..192.168.2.255][57621] [Spotify][Unknown][Music][Fun]
- idle: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+ idle: [....39] [ip4][..udp] [....192.168.2.4][51518] -> [..91.253.176.65][.9344] [SRTP.WhatsAppCall][Unknown][VoIP][Acceptable]
RISK: Known Proto on Non Std Port
idle: [....11] [ip4][..udp] [....192.168.2.4][51897] -> [....192.168.2.1][...53] [DNS.Apple][Unknown][Network][Safe]
end: [....13] [ip4][..tcp] [....192.168.2.4][49201] -> [..17.178.104.12][..443] [TLS.Apple][Apple][Web][Safe]
@@ -355,7 +361,7 @@
end: [....21] [ip4][..tcp] [....192.168.2.4][49181] -> [..17.172.100.37][..443]
idle: [....43] [ip6][..udp] [................fe80::da30:62ff:fe56:1c][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable]
idle: [....38] [ip4][..udp] [....192.168.2.4][51518] -> [...1.194.90.191][60312] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
- RISK: Known Proto on Non Std Port
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
end: [....17] [ip4][..tcp] [....192.168.2.4][49204] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe]
RISK: TLS (probably) Not Carrying HTTPS
idle: [....57] [ip4][..tcp] [....192.168.2.4][49205] -> [..17.173.66.102][..443] [TLS.AppleStore][Apple][SoftwareUpdate][Safe]
diff --git a/test/results/flow-info/default/windowsupdate_over_http.pcap.out b/test/results/flow-info/default/windowsupdate_over_http.pcap.out
index f1718be34..f4e62aff6 100644
--- a/test/results/flow-info/default/windowsupdate_over_http.pcap.out
+++ b/test/results/flow-info/default/windowsupdate_over_http.pcap.out
@@ -3,7 +3,7 @@
detected: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][SoftwareUpdate][Safe][151.99.72.125]
RISK: HTTP/TLS/QUIC Numeric Hostname/SNI
detection-update: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][Download][Safe][151.99.72.125]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
idle: [.....1] [ip4][..tcp] [......10.0.2.15][49815] -> [..151.99.72.125][...80] [HTTP.WindowsUpdate][Unknown][Download][Safe]
- RISK: Binary App Transfer, HTTP/TLS/QUIC Numeric Hostname/SNI
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, Binary file/data transfer (attempt)
DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/default/zoom.pcap.out b/test/results/flow-info/default/zoom.pcap.out
index f9af59cca..f7f50d8cc 100644
--- a/test/results/flow-info/default/zoom.pcap.out
+++ b/test/results/flow-info/default/zoom.pcap.out
@@ -195,6 +195,7 @@
idle: [.....6] [ip4][..udp] [..192.168.1.117][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable]
idle: [....33] [ip4][..udp] [..192.168.1.117][61731] -> [..109.94.160.99][.8801] [SRTP.Zoom][Unknown][Video][Acceptable]
guessed: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80] [HTTP][Google][Web][Acceptable][]
+ RISK: Susp Entropy
idle: [....15] [ip4][..tcp] [..192.168.1.117][53867] -> [..104.199.65.42][...80]
idle: [.....8] [ip4][..tcp] [..192.168.1.117][54864] -> [..52.202.62.238][..443] [TLS.Zoom][Zoom][Video][Acceptable]
idle: [....19] [ip4][..tcp] [..192.168.1.117][54865] -> [..52.202.62.196][..443] [TLS.Zoom][Zoom][Video][Acceptable]
diff --git a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
index 2b471b0ff..8a5569319 100644
--- a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
+++ b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out
@@ -427,7 +427,7 @@
new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM]
detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com]
detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM]
detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
@@ -571,6 +571,7 @@
idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected
guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
+ RISK: Susp Entropy
idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
@@ -863,7 +864,7 @@
idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable]
idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
diff --git a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
index 2b471b0ff..8a5569319 100644
--- a/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
+++ b/test/results/flow-info/ip_lists_disable/1kxun.pcap.out
@@ -427,7 +427,7 @@
new: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [MIDSTREAM]
detected: [...134] [ip4][..tcp] [..192.168.2.126][41134] -> [.129.226.107.77][...80] [HTTP.QQ][Tencent][Chat][Fun][cgi.connect.qq.com]
detection-update: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun][kankan.1kxun.mobi]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
new: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [MIDSTREAM]
detected: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun][kankan.1kxun.com]
new: [...136] [ip4][..tcp] [..192.168.2.126][47262] -> [..161.117.13.29][...80] [MIDSTREAM]
@@ -571,6 +571,7 @@
idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable]
RISK: Non-Printable/Invalid Chars Detected
guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe]
+ RISK: Susp Entropy
idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406]
end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable]
RISK: HTTP Susp User-Agent, HTTP/TLS/QUIC Numeric Hostname/SNI
@@ -863,7 +864,7 @@
idle: [...142] [ip4][..tcp] [..192.168.2.126][46170] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...141] [ip4][..tcp] [..192.168.2.126][46184] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...133] [ip4][..tcp] [..192.168.2.126][47230] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Download][Fun]
- RISK: Binary App Transfer
+ RISK: Binary file/data transfer (attempt)
idle: [...188] [ip4][..tcp] [..192.168.2.126][37100] -> [..52.29.177.177][...80] [HTTP][AmazonAWS][Web][Acceptable]
idle: [...143] [ip4][..tcp] [..192.168.2.126][46200] -> [.172.105.121.82][...80] [HTTP.1kxun][Unknown][Streaming][Fun]
idle: [...135] [ip4][..tcp] [..192.168.2.126][47246] -> [..161.117.13.29][...80] [HTTP.1kxun][Alibaba][Streaming][Fun]
diff --git a/test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out b/test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out
new file mode 100644
index 000000000..9c24be31a
--- /dev/null
+++ b/test/results/flow-info/stun_mapped_address_disabled/teams.pcap.out
@@ -0,0 +1,573 @@
+ DAEMON-EVENT: init
+ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+ new: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67]
+ detected: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][tl-sg116e]
+ ERROR-EVENT: Unknown packet type [1/16]
+ new: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [MIDSTREAM]
+ ERROR-EVENT: Unknown packet type [2/16]
+ ERROR-EVENT: Unknown packet type [3/16]
+ ERROR-EVENT: Unknown packet type [4/16]
+ ERROR-EVENT: Unknown packet type [5/16]
+ ERROR-EVENT: Unknown packet type [6/16]
+ new: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53]
+ detected: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ detection-update: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ new: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443]
+ new: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443]
+ detected: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detection-update: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detected: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.030| 0.006| 0.009| 77.930| 3.700]
+ [PKTLEN......: 40.000| 1492.000| 393.900| 548.100| 300365.600| 3.900]
+ [BINS(c->s)..: 10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0]
+ [IATS(ms)....: 12.5,12.6,1.4,13.9,1.6,0.2,14.3,0.3,0.2,0.1,0.0,0.1,4.9,16.5,1.1,12.8,0.3,0.3,11.4,0.4,0.2,23.0,0.0,11.1,0.4,29.3,29.8,0.5,0.1,0.0,0.5]
+ [PKTLENS.....: 64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,4.6,7.4,7.4,4.7,7.5,4.6,7.6,7.1,4.6,6.6,4.6,7.2,4.7,6.0,4.6,6.2,5.1,7.0,5.4,4.6,4.7,4.6,7.6,4.7,7.8,7.8,7.7,4.7]
+ detection-update: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ ERROR-EVENT: Unknown packet type [7/16]
+ new: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443]
+ detected: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ analyse: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.221| 0.032| 0.054| 2931.592| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 907.900| 687.500| 472618.500| 4.400]
+ [BINS(c->s)..: 5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0]
+ [BINS(s->c)..: 5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0]
+ [IATS(ms)....: 43.2,43.3,94.0,139.8,0.2,45.9,0.1,0.1,1.4,46.8,45.4,177.2,0.0,0.0,221.2,44.0,0.0,0.0,0.0,21.3,21.2,0.0,23.0,23.0,0.0,0.0,0.0,1.2,1.2,0.0,0.0]
+ [PKTLENS.....: 64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480]
+ [ENTROPIES...: 4.4,5.2,4.9,5.6,7.3,7.3,4.9,7.7,4.9,5.9,5.5,4.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9]
+ new: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443]
+ detected: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443]
+ detected: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ detection-update: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ analyse: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.050| 0.018| 0.021| 449.200| 3.900]
+ [PKTLEN......: 52.000| 1492.000| 680.600| 673.100| 453031.800| 4.200]
+ [BINS(c->s)..: 7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0]
+ [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0]
+ [IATS(ms)....: 45.3,45.4,0.3,49.2,0.0,48.8,0.2,0.2,1.3,46.5,45.3,1.9,0.0,0.0,47.7,45.8,0.0,0.0,0.0,37.7,37.7,0.0,8.0,8.1,0.0,0.7,37.0,7.8,4.3,49.8,1.3]
+ [PKTLENS.....: 64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83]
+ [ENTROPIES...: 4.3,5.2,5.0,6.0,7.3,7.7,5.1,7.3,5.0,6.0,5.7,5.1,7.8,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.8,5.1,5.2,5.2,7.5,5.0,5.3]
+ ERROR-EVENT: Unknown packet type [8/16]
+ ERROR-EVENT: Unknown packet type [9/16]
+ new: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443]
+ detected: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ ERROR-EVENT: Unknown packet type [10/16]
+ new: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53]
+ detected: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ new: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500]
+ detected: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ new: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500]
+ detected: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ ERROR-EVENT: Unknown packet type [11/16]
+ ERROR-EVENT: Unknown packet type [12/16]
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ RISK: Unidirectional Traffic
+ detection-update: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe][b._dns-sd._udp.ntop.org]
+ RISK: Error Code
+ new: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67]
+ detected: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable][]
+ new: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [MIDSTREAM]
+ detected: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
+ ERROR-EVENT: Unknown packet type [13/16]
+ new: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53]
+ detected: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ detection-update: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe][captive.apple.com.edgekey.net]
+ ERROR-EVENT: Unknown packet type [14/16]
+ ERROR-EVENT: Unknown packet type [15/16]
+ new: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53]
+ detected: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com]
+ new: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53]
+ detected: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ new: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443]
+ detection-update: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable][eu-api.asm.skype.com]
+ new: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443]
+ detected: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detected: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ detection-update: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ new: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443]
+ new: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443]
+ detected: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detected: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ new: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53]
+ detected: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ detection-update: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe][eu-prod.asyncgw.teams.microsoft.com]
+ detection-update: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][eu-api.asm.skype.com]
+ detection-update: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][config.teams.microsoft.com]
+ new: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443]
+ detected: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ detection-update: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ new: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53]
+ detected: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ new: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443]
+ detection-update: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][northeuropecns.trafficmanager.net]
+ new: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443]
+ detected: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detected: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
+ detection-update: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe][northeurope.notifications.teams.microsoft.com]
+ detection-update: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ ERROR-EVENT: Unknown packet type [16/16]
+ new: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53]
+ detected: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+ detection-update: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][presence.services.sfb.trafficmanager.net]
+ new: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443]
+ new: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [MIDSTREAM]
+ detected: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
+ detected: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
+ detection-update: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe][presence.teams.microsoft.com]
+ analyse: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.153| 0.028| 0.040| 1626.047| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 819.700| 699.200| 488828.900| 4.300]
+ [BINS(c->s)..: 5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0]
+ [BINS(s->c)..: 7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0]
+ [IATS(ms)....: 50.5,50.6,0.3,64.6,72.0,0.2,136.5,0.1,0.1,1.4,68.0,86.2,152.9,2.3,0.0,0.0,46.4,44.1,0.0,0.0,0.0,23.6,23.6,0.0,20.9,20.9,0.0,0.0,0.0,0.8,0.8]
+ [PKTLENS.....: 64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480]
+ [ENTROPIES...: 4.4,5.3,5.0,5.9,5.1,7.3,7.3,5.0,7.7,5.0,5.9,5.2,5.6,5.0,7.9,7.8,7.9,5.2,7.9,7.9,7.9,7.9,5.2,7.9,7.9,5.2,7.9,7.9,7.8,7.9,5.2,7.9]
+ new: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434]
+ detected: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ analyse: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.201| 0.025| 0.047| 2215.159| 3.200]
+ [PKTLEN......: 40.000| 1492.000| 340.200| 510.300| 260451.700| 3.800]
+ [BINS(c->s)..: 11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1]
+ [IATS(ms)....: 45.7,45.8,0.2,47.9,0.0,47.7,0.0,0.1,0.2,0.1,0.2,9.9,9.9,3.5,10.4,0.4,51.4,37.1,0.2,0.2,0.2,7.1,7.0,1.3,1.2,79.2,201.4,0.0,0.0,167.5,0.2]
+ [PKTLENS.....: 64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82]
+ [ENTROPIES...: 4.4,5.0,4.6,5.4,7.1,7.4,4.7,4.7,4.5,7.6,7.6,4.7,7.5,4.7,6.6,6.1,7.6,5.4,4.6,6.0,4.5,5.2,5.4,4.7,7.5,4.7,4.5,7.9,6.6,6.7,4.5,5.4]
+ new: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53]
+ detected: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+ detection-update: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][chatsvcagg.svcs.teams.office.com]
+ new: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443]
+ detected: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe][chatsvcagg.teams.microsoft.com]
+ new: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443]
+ detected: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.115| 0.021| 0.031| 968.681| 3.500]
+ [PKTLEN......: 52.000| 1492.000| 377.200| 521.700| 272149.200| 3.900]
+ [BINS(c->s)..: 11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]
+ [BINS(s->c)..: 3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1]
+ [IATS(ms)....: 34.2,34.3,0.3,36.9,0.0,36.6,0.0,0.2,0.2,0.1,0.0,0.1,1.0,12.0,0.3,36.0,22.7,0.2,0.2,0.1,10.4,10.3,0.6,0.6,77.1,91.7,0.0,49.1,80.4,115.1,0.2]
+ [PKTLENS.....: 64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139]
+ [ENTROPIES...: 4.3,5.1,4.7,5.5,7.4,7.3,4.8,4.8,7.5,4.7,7.6,7.4,4.8,6.3,6.2,7.5,5.6,4.9,6.0,4.9,5.4,5.5,4.8,7.4,4.9,5.1,7.8,7.0,5.0,6.8,4.7,7.8]
+ new: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53]
+ detected: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ detection-update: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][substrate.office.com]
+ new: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443]
+ detected: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
+ detection-update: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable][substrate.office.com]
+ analyse: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 2.010| 0.146| 0.490| 239614.050| 1.700]
+ [PKTLEN......: 40.000| 1492.000| 305.200| 468.100| 219152.800| 3.800]
+ [BINS(c->s)..: 9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1]
+ [IATS(ms)....: 12.7,12.8,0.2,12.4,2.5,0.3,14.9,0.5,0.5,0.2,0.0,0.8,4.9,17.1,1.4,0.0,13.1,0.0,0.2,0.3,0.1,11.8,0.0,11.2,0.1,0.6,112.9,113.7,1998.1,2009.8,174.6]
+ [PKTLENS.....: 64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345]
+ [ENTROPIES...: 4.4,5.0,4.6,5.5,4.5,7.3,7.5,4.6,7.5,4.6,7.7,6.8,4.7,6.5,4.5,7.2,6.0,4.6,4.6,6.2,5.2,7.6,4.4,5.4,4.6,4.5,4.5,7.5,4.7,7.2,4.5,7.3]
+ analyse: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.540| 0.024| 0.095| 8949.939| 1.900]
+ [PKTLEN......: 40.000| 1492.000| 331.500| 473.500| 224192.200| 3.900]
+ [BINS(c->s)..: 9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]
+ [BINS(s->c)..: 5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0]
+ [IATS(ms)....: 11.5,11.6,0.3,11.9,32.5,0.1,44.2,0.2,0.0,0.2,3.8,7.7,0.3,0.1,14.6,1.5,0.0,4.2,0.0,0.3,6.5,0.5,6.7,4.3,9.9,14.2,10.7,10.7,539.6,0.0,0.3]
+ [PKTLENS.....: 64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,4.5,6.7,7.5,4.6,7.6,5.7,4.7,6.5,6.2,7.6,6.5,4.5,7.2,5.8,4.6,4.6,5.3,4.5,5.4,4.6,4.5,7.7,4.7,7.3,4.7,7.8,7.7,7.0]
+ new: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53]
+ detected: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ new: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53]
+ detected: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ new: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53]
+ detected: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ new: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53]
+ detected: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
+ detection-update: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ detection-update: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ new: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443]
+ detection-update: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][api.flightproxy.teams.microsoft.com]
+ detection-update: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][euaz.tr.teams.microsoft.com]
+ RISK: Minor Issues
+ new: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53]
+ detected: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+ detection-update: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable][outlook.office.com]
+ new: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443]
+ new: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443]
+ new: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53]
+ detected: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ new: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443]
+ new: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443]
+ detected: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][skypedataprdcolneu04.cloudapp.net]
+ detected: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][config.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detected: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detected: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detected: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe][trouter2-asse-a.trouter.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.154| 0.015| 0.036| 1274.324| 2.800]
+ [PKTLEN......: 40.000| 1492.000| 585.700| 671.400| 450756.000| 4.000]
+ [BINS(c->s)..: 10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1]
+ [IATS(ms)....: 12.9,13.0,0.5,12.4,2.0,1.5,15.4,0.1,0.1,0.1,0.0,0.1,21.6,33.0,11.5,11.7,0.1,11.8,0.6,13.4,140.4,0.7,154.0,0.2,0.2,0.2,0.2,0.5,0.0,0.1,0.2]
+ [PKTLENS.....: 64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492]
+ [ENTROPIES...: 4.4,4.9,4.5,5.5,4.4,7.3,7.5,4.6,7.5,4.5,7.7,6.7,4.6,6.5,4.5,5.7,4.5,5.6,4.6,7.8,4.6,7.9,7.9,4.6,7.9,4.6,7.9,7.9,4.6,4.5,7.9,7.9]
+ new: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443]
+ detected: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe][teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443]
+ detected: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.053| 0.020| 0.022| 492.470| 3.900]
+ [PKTLEN......: 52.000| 1492.000| 640.900| 667.900| 446080.700| 4.100]
+ [BINS(c->s)..: 9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0]
+ [BINS(s->c)..: 6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0]
+ [IATS(ms)....: 48.6,48.7,0.3,51.0,0.1,50.7,0.0,0.3,0.3,1.7,49.8,48.1,1.4,0.0,0.0,50.5,49.1,0.0,0.0,0.0,37.2,37.2,0.0,11.5,11.5,1.0,36.0,16.0,53.0,0.7,0.1]
+ [PKTLENS.....: 64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52]
+ [ENTROPIES...: 4.4,5.3,4.9,6.0,7.3,7.3,5.1,4.9,7.6,5.0,5.9,5.7,5.0,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.8,7.9,5.1,7.8,5.1,5.2,7.6,5.1,5.3,5.0]
+ new: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621]
+ detected: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
+ new: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443]
+ detected: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ detection-update: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable][login.microsoftonline.com]
+ new: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443]
+ detected: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53]
+ detected: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
+ detection-update: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][api.microsoftstream.com]
+ new: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443]
+ detected: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][api.microsoftstream.com]
+ detection-update: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe][mobile.pipe.aria.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ analyse: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.126| 0.019| 0.032| 1006.354| 3.400]
+ [PKTLEN......: 52.000| 1492.000| 345.200| 499.900| 249913.200| 3.900]
+ [BINS(c->s)..: 12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]
+ [BINS(s->c)..: 2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0]
+ [IATS(ms)....: 29.5,29.6,0.2,45.7,0.2,45.7,0.1,0.1,0.1,0.1,0.0,0.1,0.6,23.2,0.2,30.2,0.0,6.1,0.0,0.2,22.9,22.6,1.5,1.4,2.9,0.0,32.7,0.2,30.1,125.5,125.6]
+ [PKTLENS.....: 64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52]
+ [ENTROPIES...: 4.4,5.2,4.9,5.6,7.4,7.5,4.9,7.4,4.9,4.8,7.6,7.1,5.0,5.9,6.3,7.4,5.6,6.1,4.9,4.9,5.4,5.6,4.9,7.5,5.0,7.9,6.1,5.1,5.7,5.0,7.5,4.9]
+ new: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53]
+ detected: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
+ detection-update: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][euno-1.api.microsoftstream.com]
+ new: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443]
+ analyse: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.162| 0.032| 0.044| 1964.919| 3.600]
+ [PKTLEN......: 52.000| 1492.000| 736.700| 694.000| 481656.100| 4.200]
+ [BINS(c->s)..: 5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
+ [BINS(s->c)..: 8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0]
+ [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1]
+ [IATS(ms)....: 48.4,48.5,0.5,88.2,136.5,113.7,0.2,161.8,0.1,0.1,1.1,74.6,73.5,1.1,0.0,0.0,50.1,49.0,0.0,0.0,0.0,48.4,48.4,0.0,0.0,0.0,1.6,1.5,46.9,1.1,1.7]
+ [PKTLENS.....: 64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52]
+ [ENTROPIES...: 4.4,5.3,4.9,6.0,6.0,5.1,7.3,7.3,5.0,7.7,5.0,6.0,5.6,5.0,7.9,7.9,7.9,5.2,7.9,7.9,7.9,7.9,5.1,7.9,7.9,7.9,7.9,5.2,7.9,5.2,5.2,5.2]
+ detected: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][euno-1.api.microsoftstream.com]
+ new: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53]
+ detected: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+ detection-update: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe][dc.applicationinsights.microsoft.com]
+ new: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443]
+ detected: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ detection-update: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ new: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53]
+ detected: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ detection-update: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][emea.ng.msg.teams-msgapi.trafficmanager.net]
+ new: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443]
+ detected: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
+ detection-update: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe][emea.ng.msg.teams.microsoft.com]
+ analyse: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 0.277| 0.019| 0.049| 2449.644| 2.900]
+ [PKTLEN......: 52.000| 1492.000| 370.200| 512.100| 262257.700| 3.900]
+ [BINS(c->s)..: 11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1]
+ [IATS(ms)....: 19.2,19.3,0.2,22.0,0.0,21.8,0.0,0.2,0.2,0.2,0.0,0.2,1.1,12.3,0.3,19.9,0.0,6.3,0.0,0.6,12.0,11.4,1.5,1.4,55.0,62.1,0.0,25.5,0.0,18.4,276.9]
+ [PKTLENS.....: 64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335]
+ [ENTROPIES...: 4.4,5.3,4.9,5.6,7.1,7.3,5.0,5.0,7.5,4.9,7.6,7.5,4.9,6.3,6.3,7.6,5.6,5.9,5.0,4.9,5.4,5.7,5.0,7.5,5.0,5.2,7.8,6.2,5.2,5.6,5.0,7.8]
+ analyse: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 8.978| 0.329| 1.582| 2503841.415| 0.800]
+ [PKTLEN......: 40.000| 1492.000| 339.200| 486.100| 236250.500| 3.900]
+ [BINS(c->s)..: 10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1]
+ [IATS(ms)....: 47.1,47.2,0.5,44.4,0.0,43.9,0.0,0.0,0.2,0.1,0.0,0.2,0.0,4.4,9.7,0.3,46.5,32.1,0.5,0.4,0.1,18.9,1.4,20.2,62.9,403.2,425.0,8978.2,0.0,0.0,0.0]
+ [PKTLENS.....: 64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78]
+ [ENTROPIES...: 4.3,4.9,4.6,5.6,7.4,7.3,4.7,4.6,4.6,7.5,7.6,7.1,4.7,4.6,6.5,6.1,7.6,5.4,4.6,5.9,4.6,5.2,4.5,7.4,4.7,4.5,7.8,4.6,7.4,7.5,5.6,5.5]
+ new: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [MIDSTREAM]
+ new: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434]
+ detected: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe][dati.ntop.org]
+ RISK: Known Proto on Non Std Port
+ new: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
+ new: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478]
+ detected: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ new: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443]
+ new: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53]
+ detected: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detection-update: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable][b-tr-teams-euno-05.northeurope.cloudapp.azure.com]
+ detected: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478]
+ detected: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ new: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443]
+ new: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478]
+ detected: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478]
+ detected: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detected: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478]
+ detected: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+ new: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478]
+ detected: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ detection-update: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe][euaz.tr.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][>??i)?<????????????r]
+ detection-update: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][s?>?ed???[??+ez4???m]
+ new: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443]
+ new: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443]
+ detected: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.152]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detected: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][52.114.250.153]
+ RISK: HTTP/TLS/QUIC Numeric Hostname/SNI, TLS (probably) Not Carrying HTTPS
+ detection-update: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.152]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ detection-update: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe][52.114.250.153]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ new: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443]
+ new: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53]
+ detected: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ detection-update: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe][c-flightproxy-euno-01-teams.cloudapp.net]
+ detected: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ detection-update: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe][api.flightproxy.teams.microsoft.com]
+ RISK: TLS (probably) Not Carrying HTTPS
+ new: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005]
+ detected: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020]
+ detected: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016]
+ detected: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036]
+ detected: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ RISK: Unidirectional Traffic
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+ RISK: Unidirectional Traffic
+ detection-update: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][?n???z`?s????}??d??]]
+ detection-update: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][<??a????h (?/??????]
+ new: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036]
+ detected: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ new: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016]
+ detected: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port
+ analyse: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.567| 0.072| 0.275| 75449.426| 1.900]
+ [PKTLEN......: 40.000| 1492.000| 256.900| 427.000| 182315.300| 3.700]
+ [BINS(c->s)..: 15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1]
+ [IATS(ms)....: 45.0,45.1,0.2,47.4,47.2,0.2,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.0,8.0,0.0,0.0,52.4,1.2,45.6,48.6,92.2,43.7,69.1,0.3,113.5,1566.9]
+ [PKTLENS.....: 64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46]
+ [ENTROPIES...: 4.4,4.9,4.5,5.4,7.5,4.6,7.4,6.2,4.7,4.7,7.7,7.0,4.7,4.5,7.6,6.6,4.4,4.5,4.5,6.4,4.5,5.8,4.6,5.4,4.6,6.4,6.9,4.5,5.4,4.4,4.6,4.6]
+ detection-update: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ detection-update: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable][]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ new: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443]
+ detected: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ detection-update: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable][gate.hockeyapp.net]
+ new: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6]
+ detected: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
+ analyse: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ min| max| avg| stddev| variance| entropy
+ [IAT.........: < 0.001| 1.168| 0.160| 0.366| 133702.353| 2.700]
+ [PKTLEN......: 66.000| 1242.000| 253.400| 374.400| 140199.200| 4.000]
+ [BINS(c->s)..: 0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
+ [BINS(s->c)..: 0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [IATS(ms)....: 24.8,0.2,101.3,1168.2,1167.0,967.1,50.8,1119.2,0.0,0.0,51.0,80.3,2.0,2.7,3.7,0.0,0.0,0.0,10.7,24.2,9.3,21.5,4.5,19.9,25.3,9.2,24.4,24.6,9.5,26.0,24.3]
+ [PKTLENS.....: 140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102]
+ [ENTROPIES...: 5.4,5.4,5.6,5.5,5.5,5.5,6.4,5.5,5.3,7.8,7.8,5.4,6.1,5.3,7.8,7.8,5.4,6.9,6.4,5.9,6.0,6.1,5.4,6.3,6.1,6.0,6.3,6.0,6.1,6.2,6.1,6.2]
+ idle: [....72] [ip4][..tcp] [....192.168.1.6][50014] -> [.52.114.250.152][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ end: [....64] [ip4][..tcp] [....192.168.1.6][50018] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....67] [ip4][..tcp] [....192.168.1.6][50021] -> [.52.114.250.123][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....83] [ip4][.icmp] [..93.71.110.205] -> [....192.168.1.6] [ICMP][Unknown][Network][Acceptable]
+ end: [....73] [ip4][..tcp] [....192.168.1.6][50036] -> [.52.114.250.153][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS Cert Mismatch, TLS (probably) Not Carrying HTTPS
+ idle: [.....5] [ip4][..tcp] [....192.168.1.6][60533] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ idle: [.....8] [ip4][..tcp] [....192.168.1.6][60536] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ idle: [....23] [ip4][..tcp] [....192.168.1.6][60542] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ idle: [....43] [ip4][..tcp] [....192.168.1.6][60554] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....47] [ip4][..tcp] [....192.168.1.6][60557] -> [.52.113.194.132][..443] [TLS.Teams][Skype_Teams][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....76] [ip4][..udp] [....192.168.1.6][50016] -> [....192.168.0.4][50005] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....55] [ip4][..tcp] [....192.168.1.6][60563] -> [.52.169.186.119][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....17] [ip4][..udp] [....192.168.1.6][63106] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....77] [ip4][..udp] [....192.168.1.6][50036] -> [....192.168.0.4][50020] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port, Unidirectional Traffic
+ idle: [....38] [ip4][..udp] [....192.168.1.6][65230] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....13] [ip4][..udp] [........0.0.0.0][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [....36] [ip4][..udp] [....192.168.1.6][61245] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ RISK: Minor Issues
+ idle: [....16] [ip4][..udp] [....192.168.1.6][51033] -> [....192.168.1.1][...53] [DNS.Skype_Teams][Unknown][Network][Acceptable]
+ end: [.....4] [ip4][..tcp] [....192.168.1.6][60532] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [.....7] [ip4][..tcp] [....192.168.1.6][60535] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [.....9] [ip4][..tcp] [....192.168.1.6][60537] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....18] [ip4][..tcp] [....192.168.1.6][60538] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....19] [ip4][..tcp] [....192.168.1.6][60539] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....24] [ip4][..udp] [....192.168.1.6][65387] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+ idle: [....20] [ip4][..tcp] [....192.168.1.6][60540] -> [...52.114.75.70][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....21] [ip4][..tcp] [....192.168.1.6][60541] -> [...52.114.75.69][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ end: [....25] [ip4][..tcp] [....192.168.1.6][60543] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....26] [ip4][..tcp] [....192.168.1.6][60544] -> [...52.114.76.48][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....28] [ip4][..tcp] [....192.168.1.6][60545] -> [...52.114.77.58][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....32] [ip4][..tcp] [....192.168.1.6][60547] -> [...52.114.88.59][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ end: [....33] [ip4][..tcp] [....192.168.1.6][60548] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....40] [ip4][..tcp] [....192.168.1.6][60551] -> [...52.114.15.45][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....42] [ip4][..tcp] [....192.168.1.6][60552] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....45] [ip4][..tcp] [....192.168.1.6][60555] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....48] [ip4][..tcp] [....192.168.1.6][60559] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ end: [....51] [ip4][..tcp] [....192.168.1.6][60561] -> [...52.114.77.33][..443] [TLS.Microsoft][Azure][Cloud][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [....59] [ip4][..tcp] [....192.168.1.6][60565] -> [...52.114.108.8][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ idle: [....74] [ip4][..tcp] [....192.168.1.6][60567] -> [..52.114.77.136][..443] [TLS.Teams][Azure][Collaborative][Safe]
+ RISK: TLS (probably) Not Carrying HTTPS
+ idle: [.....1] [ip4][..udp] [....192.168.0.1][...68] -> [255.255.255.255][...67] [DHCP][Unknown][Network][Acceptable]
+ idle: [....11] [ip4][..udp] [....192.168.1.6][17500] -> [255.255.255.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ guessed: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443] [Telegram][Telegram][Chat][Acceptable]
+ RISK: Unidirectional Traffic
+ end: [.....2] [ip4][..tcp] [....192.168.1.6][58533] -> [.149.154.167.91][..443]
+ idle: [....34] [ip4][..udp] [....192.168.1.6][59403] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
+ idle: [....35] [ip4][..tcp] [....192.168.1.6][60549] -> [...13.107.18.11][..443] [TLS.Microsoft365][Outlook][Collaborative][Acceptable]
+ idle: [....44] [ip4][..udp] [....192.168.1.6][51309] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ end: [....30] [ip4][..tcp] [....192.168.1.6][60546] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe]
+ RISK: Known Proto on Non Std Port
+ idle: [....12] [ip4][..udp] [....192.168.1.6][17500] -> [..192.168.1.255][17500] [Dropbox][Unknown][Cloud][Acceptable]
+ idle: [....61] [ip4][..tcp] [....192.168.1.6][60566] -> [.167.99.215.164][.4434] [TLS.ntop][Unknown][Network][Safe]
+ RISK: Known Proto on Non Std Port
+ idle: [....31] [ip4][..udp] [....192.168.1.6][57504] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ guessed: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478] [Skype_Teams][Azure][VoIP][Acceptable]
+ RISK: Susp Entropy
+ idle: [....62] [ip4][..udp] [....192.168.1.6][51681] -> [..52.114.77.136][.3478]
+ idle: [....27] [ip4][..udp] [....192.168.1.6][57530] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+ not-detected: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750] [Unknown][Unknown][Unrated]
+ idle: [....60] [ip4][..tcp] [..151.11.50.139][.2222] -> [....192.168.1.6][54750]
+ idle: [....22] [ip4][..udp] [....192.168.1.6][49514] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....78] [ip4][..udp] [..93.71.110.205][16332] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....79] [ip4][..udp] [..93.71.110.205][16333] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....37] [ip4][..udp] [....192.168.1.6][53678] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....56] [ip4][..udp] [....192.168.1.6][63930] -> [....192.168.1.1][...53] [DNS.Microsoft][Unknown][Network][Safe]
+ idle: [....65] [ip4][..udp] [....192.168.1.6][55765] -> [....192.168.1.1][...53] [DNS.Azure][Unknown][Network][Acceptable]
+ idle: [....49] [ip4][..udp] [..192.168.1.112][57621] -> [..192.168.1.255][57621] [Spotify][Unknown][Music][Fun]
+ idle: [....29] [ip4][..tcp] [.162.125.19.131][..443] -> [....192.168.1.6][60344] [TLS][Dropbox][Web][Safe]
+ idle: [....10] [ip4][..udp] [....192.168.1.6][64046] -> [....192.168.1.1][...53] [DNS.ntop][Unknown][Network][Safe]
+ RISK: Error Code
+ idle: [....68] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....63] [ip4][..udp] [....192.168.1.6][50016] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....81] [ip4][..udp] [...52.114.252.8][.3479] -> [....192.168.1.6][50016] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....69] [ip4][..udp] [....192.168.1.6][50017] -> [.52.114.250.141][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....70] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....66] [ip4][..udp] [....192.168.1.6][50036] -> [.52.114.250.123][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....71] [ip4][..udp] [....192.168.1.6][50037] -> [.52.114.250.137][.3478] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ idle: [....80] [ip4][..udp] [..52.114.252.21][.3480] -> [....192.168.1.6][50036] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable]
+ RISK: Known Proto on Non Std Port
+ idle: [....52] [ip4][..udp] [....192.168.1.6][54069] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ end: [.....6] [ip4][..tcp] [....192.168.1.6][60534] -> [.....40.126.9.5][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....46] [ip4][..tcp] [....192.168.1.6][60556] -> [.....40.126.9.7][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....50] [ip4][..tcp] [....192.168.1.6][60560] -> [....40.126.9.67][..443] [TLS.Microsoft365][Microsoft365][Collaborative][Acceptable]
+ end: [....14] [ip4][..tcp] [..93.62.150.157][..443] -> [....192.168.1.6][60512] [TLS][Unknown][Web][Safe]
+ idle: [....41] [ip4][..udp] [....192.168.1.6][58457] -> [....192.168.1.1][...53] [DNS.Microsoft365][Unknown][Network][Acceptable]
+ idle: [....57] [ip4][..tcp] [....192.168.1.6][60564] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....82] [ip4][..tcp] [....192.168.1.6][60568] -> [...40.79.138.41][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....54] [ip4][..udp] [....192.168.1.6][62735] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....15] [ip4][..udp] [....192.168.1.6][56634] -> [....192.168.1.1][...53] [DNS.Apple][Unknown][Network][Safe]
+ idle: [.....3] [ip4][..udp] [....192.168.1.6][60813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable]
+ idle: [....58] [ip4][..udp] [....192.168.1.6][62863] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....75] [ip4][..udp] [....192.168.1.6][60837] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ idle: [....53] [ip4][..tcp] [....192.168.1.6][60562] -> [.104.40.187.151][..443] [TLS.Skype_Teams][Azure][VoIP][Acceptable]
+ idle: [....39] [ip4][..udp] [....192.168.1.6][50653] -> [....192.168.1.1][...53] [DNS.Teams][Unknown][Network][Safe]
+ DAEMON-EVENT: shutdown